Russians claim victory over SP2

[Egaladeist]

Quote: "A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs. "


OPPS...Microsoft did it again...
article is about 3 weeks old but I haven't seen it anywhere so I thought I'd post it.



http://news.com.com/Report+Major+Win...3-5555448.html

[w0ob]

I have been expecting this. Once again microsoft made a mess out of it.
However i dont think this is something that is easily exploited. And since i've found no POC
I am gonna sit back and watch the show Nice info, Good job!

/w0ob

[nihil]

Hi Eg~ please accept my appologies in advance as I fear that this post may ruin your thread and stir up a hornets' nest.

/slightly off-topic rant

Whilst I have no objection to people protecting their intellectual property, their income and so on; and most certainly oppose piracy or counterfeiting..............I would like your opinion on the latest form of "piracy on the high street"

Consider this scenario:

Mr Average goes to a store and buys a fancy new computer rig out with "Windoze XP" ..........what he does not realise is that it does not come with a full OEM version CD............it has some funny hidden drive or a "recovery CD"

So, further down the line, when the manufacturer's warranty has expired, he has a major problem, and needs a new motherboard etc.

Now, his recovery CD will not work with this new configuration...............................he is stiffed.

He cannot bring it to me to fix, because I cannot revive XP legally........................

He has to send the machine back to HP or whoever, and get ripped off with their charge rates.

So he gets ripped off and I lose business?.............nice one Billy Windows, makes me really sorry people are not paying for your OS..............perhaps you might consider actually selling it to them in the first place?

I never thought I would see hitherto reputable companies such as Hewlett Packard sink to the level of Packard Bell and this is being actively encouraged by Micro$haft?

So who is to blame?.........................you decide...............it certainly does not seem fair or right to me.

I am taking up this matter with my local political representative, as I believe that it is contrary to European law............they have recently ruled that using a non-main agent to get your automobile serviced does NOT invalidate the warranties

I just thought I would show that anti-piracy measures can sometimes get out of hand?

Cheers

[Spyrus]

nihil: You have done it this will bring us off topic but.... I have 2 things for you, I was under the impression that if you have a legal and valid windows Key then you can legally have someoen else install it but they have to use your key. I may be wrong and don't know the legality behind it...

and topic 2, afaik this is not Microsofts fault. In fact in some computers I have seen an actual windows CD just labeled something else so you dont thinks its a full version. But this is the manufacturer who decided that it would save their company millons of dollars by not creating a bunch of restore disks for their computer therefore reducing overhead. They no longer have to send out 5 cds with every computer. Albeit that a cd is cheap and they probably only spend 30 cents to a dollar on a cd after they take the time and investment to create the cd, machinery involved, electric used etc... Now by cutting out this 5 dollars per computer by the thousands of computers sold an hour this saves the company millions. Just like when one of the airliners started only serving 1 olive instead of 2 some time ago. Saved them millions (now they dont serve anything ). But back to the point, I dont see how microsoft is at fault for this.

Back to the original thread:

I have been expecting this. Once again microsoft made a mess out of it.

With any form of patch or security if you give it enough time and put enough brains behind it they are going to crack it. Nothing in security is "Secure" No matter what if you give ppl time they will find a way to get around it. That is why we as professionals have a job and no matter how hard microsoft tries they are going to continue to have to release updates and patch holes... just like any other software company or security company.

[moxnix]

Johnno, I agree with you that is a ripoff of everyone. The customers are paying for a Windose operating system when they but HP and Compaq, but are only getting less than half their value.

Plus you can't do a complete reformat and reinstallation with that set up. Your reformat would distroy you copy of windose.

[Egaladeist]

Sorry nihil...just got back...as for being off-topic...you know I don't care about that...as for the other situation...I can only look at it from the point of ethics...as I don't know much about the law concerning this.

Ethically...

Mr Average goes to a store and buys a fancy new computer rig out with "Windoze XP" ..........what he does not realise is that it does not come with a full OEM version CD............it has some funny hidden drive or a "recovery CD"

If it is commonly assumed that a full CD comes with the unit and the store did not say otherwise, and allowed the person to believe he was getting the normal package...then...he is justified in taking whatever legal measures he can to resolve the problem...if there is nothing he can do according to by way of law...then there's the civil law approach...picketing the store...placing flyers...taking out ads...etc...

He cannot bring it to me to fix, because I cannot revive XP legally........................

Yes he can...ethically speaking...you would be right in rectifying his problem for him...it would not be considered unethical to amend a problem he should not have had in the first place...and you would be justified in doing so.

If I were to go out and buy a CD of the Greatest Hits of the Zombies and later discovered the disc was faulty and the store would not rectify the problem...I would have no problem with having a friend make me a copy of his...I did not get what I paid for.

However, this my be in conflict with the law...but certainly not ethics.

I hope this helps!

Eg

[IKnowNot]

first, Egaladeist Yes, I too have seen that, don't recall where off hand, but nice to see it for for other members that did not.

nihil I really don't know how you got from there to here !!

But yes, I have seen it, and been frustrated too! But for those who don't understand your post, I believe you are referring to the latter of the following ( correct me if I am wrong ):

1) Some local guy decides to go into business building and selling computers. He/she puts the pieces together, then loads a copy of the OS ( windows ) onto it. To keep expenses down he/she places a copy of the install disk into a folder on the hard drive. People buying the machines do not get a copy of the OS on install disk(s).

This could happen for two reasons: a), the builder has a "bulk" license, in which case the buyer should have been provided with a certificate ( proof ) of authenticity, which the builder would have to claim to the manufacturer of the OS ( M$ ) of the sale,
or b), the builder pirated the OS to save costs and the consumer is unaware and/or indifferent.

OR

2) Some big company enters into a deal with the OS manufacturer ( M$ ) at reduced cost to supply the OS but with NO, repeat, NO support. The manufacture is then required to supply the necessary support.
In this case there may or may not be a folder with the install on the drive, but will not come with an official OS ( M$) install disk(s), but usually come with a "ghost" image of the system as shipped. All updates, etc. must come from the builder/manufacturer of the machine.

In case 1 above, if the builder did not supply the certificate of authenticity and report the sale to the OS manufacturer ( M$ ) OR as in the second scenario, the buyer ( or you, the repair person ) go to the OS manufacturer for updates, questions, etc. the OS manufacturer ( M$ ) tells you they can not help, contact the manufacturer of the machine.

I have seen all of the above, but not recently. As you did not say what sparked this I can only say I used to be able to find ways around it, but have not dealt with anything since WinME. I can just imagine the problems with the new M$ constraints on XP.

You eluded to HP reducing itself to ( index fingers placed together in a cross to warrant away evil spirits ) Packard Bell tactics.

And here lies my confusion. Are M$ and HP saying that ONLY HP can fix a HP computer and YOU are not qualified?

[nihil]

IKnowNot

I guess I saw a somewhat broader viewpoint on the whole issue of Windows anti-copying? It does have impacts on the industry at a high street level.

And here lies my confusion. Are M$ and HP saying that ONLY HP can fix a HP computer and YOU are not qualified?

Effectively, yes.......................there is no full installation disk so you have to send the item back to its OEM. Because these people are in a "partnership" with MS...............the MS attitude is "take it back to your OEM". If I replace something as fundamental as the MoBo, then the "recovery disk" will not work in most cases. They will fix the machine with their overpriced parts at their inflated labour rates, and create a new recovery disk if required.

Reminds me of the true definition of partnership....................."Two thieves with their hands so deep in eachother's pockets that they cannot independently plunder a third"

When I build a machine I put the stickers on the box, write the product code in the booklet, and supply the OEM CD. That way you can change the fundamental hardware, and anyone with the requisite skills can fix the box. I also give the purchaser a receipt

I am not whinging, as hardware support is only a sideline to me, but I feel for others who are more dependent on that sort of activity.

I have seen all of the above, but not recently. As you did not say what sparked this I can only say I used to be able to find ways around it, but have not dealt with anything since WinME. I can just imagine the problems with the new M$ constraints on XP.

Yes, there is a difference.............with WinME I could buy one OS CD and load a thousand systems AND create full recovery/re-install CDs............

/me goes to think of 1,000 people I hate that badly

With XP you have to "initiate" the system, at which time it determines the hardware environment. Now, if I have a full CD this is not much of a problem, but if the OEM has done the "initiation" and all you have is a "recovery disk/partition" then you are effectively locked into your original MoBo/BIOS configuration.

I hope that explains?

Cheers

[gothic_type]

I get what you're saying, but normally the customer should get a product key for XP when they buy a computer off a major company like HP, etc. In that case, AFAIK, you should be able to use any copy of XP to install the os, and then simply use their own product key to verify it.

ac

[a morning chill]

but normally the customer should get a product key for XP when they buy a computer off a major company like HP, etc. In that case, AFAIK, you should be able to use any copy of XP to install the os, and then simply use their own product key to verify it.

Usually not. With Compaq, HP, Dell, and the likes, the XP cd's they give are not full Windows XP Home cds. They are Windows XP Home + customizations for that specific set of hardware. It isn't a matter of "won't allow it to be ran elsewhere", but that Microsoft allows companies to rewrite the setup/installation process for their own needs. This means an easy Windows XP cd that will autodetect the proper hardware (even odd hardware that comes with laptops) and properly install the drivers that a normal Windows XP Home would not come with.