Bruce Schneier believes that Microsoft's obligation to do what it can to help its users attain a secure computing environment entails that Microsoft has a duty to provide security updates to software pirates:
Posted by DeLong at June 17, 2004 08:36 PM | TrackBack | | Other weblogs commenting on this postMicrosoft's actions speak louder than words: The security of your computer and network depends... what you do... and what everyone else does to secure their computers and networks.... When many unsecure computers are connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more unsecure the average computer on the Internet is, the more unsecure your computer is. It's like malaria: everyone is safer when we all work together to drain the swamps and increase the level of hygiene in our community.
This is the backdrop against which to view Microsoft's Windows XP security upgrade: Service Pack 2 (SP2). SP2 is a major security upgrade. It includes features such as Windows Firewall, an enhanced personal firewall that is turned on by default, better automatic patching and other security improvements. Initial news stories reported that Microsoft would make this upgrade available to all XP users, both licensed and unlicensed. To me, this was a smart move on Microsoft's part. Think about all the ways the company would benefit. Licensed users would be more secure and happier. Worms that attack Microsoft products would be less virulent, so Microsoft wouldn't look as bad in the press. Microsoft would win, its customers would win and the Internet would win. It's the kind of marketing move about which best-selling books are written. Then Microsoft said the initial comments were wrong; SP2 would not run on pirated copies of XP. Only legal copies of the software could be secured. This is the wrong decision, for all the same reasons that the initial decision was the correct one....
[S]ecurity upgrades are different. Microsoft is harming its licensed users by denying security to unlicensed users. This decision, more than anything else Microsoft has said or done in the past few years, proves to me that security is not the company's first priority. Here was a chance for Microsoft to do the right thing: to put security ahead of profits. Here was a chance to look good in the press and improve security for all its users worldwide. Microsoft says that improving security is the most important thing, but its actions prove otherwise. SP2 is an important security upgrade to Windows XP, and I hope it is widely installed among licensed XP users. I also hope it is quickly pirated, so unlicensed XP users also can install it. For me to remain secure on the Internet, I need everyone to become more secure. And the more people who install SP2, the more we all benefit.
Brad,
Like it or not, most software is pirated today. In the west, I believe it is 30-40%. In Asia, we are talking about the high 80%s. In Việt Nam (where I am living), the last figures I've heard about is 94%. For many Vietnamese, a licenced copy of XP will cost you more that a year's wage. Why not buy the cracked one instead for 60c at the local bazaar? [*]
The only companies I know who use licensed software are foreign companies. With the situation, I fail to be sympathetic to Microsoft making SP2 "license only". Then again, I always though that XP was also supposed to be "license only". Product activation was meant to eliminated piracy altogether, remember? I think there's going to be a crack for SP2 any day now.
[*] Personally, I prefer Win2K, and I have a semi-legitimate copy of it from the last company I worked for. "Semi legitimate", as the license should not apply to me after I left the company. But unlike outright pirated software, I don't have to worry about trojans in side.
Posted by: Peter Murphy on June 17, 2004 09:35 PMPeter: I agree with almost all of your points, but I'm curious as to why you prefer Win2K to WinXP. From my point of view, WinXP is the only operating system Microsoft has ever put out that works. It still doesn't do everything I want it to do (notably its distressing lack of a usable shell) and the applications crash far too often, but the OS itself has only crashed on me 3-4 times in 4 years of fairly hardcore use (I'm a programmer and a gamer). What does Win2K have that WinXP is missing?
Posted by: cyclopatra on June 18, 2004 02:16 AMcyclopatra,
"What does Win2K have that WinXP is missing"
It's the other way around. WinXP has extra features that Win2K doesn't have, and they are features that I do not particularly want. Let's start with product activation, for starters. Additionally, I've never been really into skins, and actually prefer the pared-down-look of Win2K to the new flavor UI of XP. WinXP now can open Zip files natively, but it can't do other things that WinZip can do (like open *.tar.gz files from the Unix side of the world). The automatic backup features of WinXP seem really good, though - but I think I'd prefer to automate this exactly. The firewall functionality is OK, but not as good as third party products. And so on.
I find Win2K stable. I use XP installed on a machine at my gf's office, and it shutdowns every three days or so. It's a graceful shutdown (RPC problems - must die).
Cheers,
Peter
I have to agree with Peter, windows 2000 is better because of lacking 'features'
Posted by: bryan on June 18, 2004 10:39 PMIf you want the skinny on just how bad MS is when it comes to security, just go to grc.com. Between the messenger service being on by default, user-level raw socket access, and the default enabling of UnPNP (against FBI reccommendations IIRC), among other problems, XP has a slew of holes.
Posted by: adam on June 19, 2004 02:09 AMGreat site fatty lose weight with reductil and reductil uk
Posted by: reductil uk on July 6, 2004 02:15 PMGreat site fatty lose weight with reductil and reductil uk
Posted by: reductil uk on July 6, 2004 10:44 PMGreat site fatty lose weight with reductil and reductil uk
Posted by: reductil uk on July 8, 2004 03:03 PMGet it up mate, it's fun!
Posted by: Viagra on July 8, 2004 09:10 PMCui peccare licet peccat minus - One who is allowed to sin, sins less. (Ovid)
Bene legere saecla vincere - To read well is to master the ages. (Professor Isaac Flagg)
It gets yours up to the top dude! The girl will enjoy it!
Posted by: cialis on July 13, 2004 02:40 PMIt gets yours up to the top dude! The girl will enjoy it!
Posted by: cialis on July 13, 2004 07:44 PMIt gets yours up to the top dude! The girl will enjoy it!
Posted by: cialis on July 13, 2004 07:48 PMMuppets love Viagra!
Posted by: Viagra UK on July 14, 2004 03:51 AMI don't really think your thoughts are right. Maybe you need a loan?
Posted by: Loans on July 15, 2004 12:31 PMKontaktanzeigen are pretty cool, aren't they?
Posted by: Kontaktanzeigen on July 16, 2004 06:18 AMIf you're looking for Kontaktanzeigen online, check the blog!
Posted by: Kontaktanzeigen on July 16, 2004 10:41 AM