Windows Genuine Advantage Tool

[fc*uk]

hmmmmmmm....

Need I really say more?

Tells users if their copy of microsoft software is legit or not....

Naaaaahhhhhh fuck off M$!!!!!!!!!!!!!!!!

[skryingbreath]

Lets spell names with dollar symbols!

I think it's reasonable (the check tool).

[fc*uk]

Well, I smell something fishy and controling.

Lets face it, how many oppurtunities is this "tool" going to give hackers ways to break into your computer. Also, what if, like so much microsoft software, there is a flaw in it and one fine day you wake up, turn on your computer, and it tells you that your legitimate software key is not so legitimate. You call tech sopport and even send them pictures of you and your legit software key along with your thumb prints .... and they just tell you, nope, it is stollen. So, that will be $250,000 for software piracy and another $200 for a legit copy of windows....

Chew on it for a while....

[mikm]

Shame on Micro$haft! How dare they ensure that people don't use a pirated copy of their operating system! As of now, the tool only installs with user consent. If you choose to install it, you have nothing to bitch about.

Microsoft knows that the system isn't perfect and valid licenses may be erroneously reported as invalid. They will have a system in place so you don't have to buy Windows again if your legit copy is marked invalid.

Also, do you have ANY evidence (besides that fact that it's M$ OMG LOL) that this validation tool will be an easy channel for hackers to gain access to your system?

Disclaimer: all use of "M$", "Micro$haft", et al are satire. If you didn't realize that, you might need to get your head checked

[k_rock923]

Exactly, mikm. Microsoft has every right to try and ensure user's have valid licenses. They would have every right to install the tool automatically and require it to phone home before windows would work again (so blocking it with a firewall would be useless). I personally don't use Microsoft anymore. I have my reasons. That's no reason to go blindly bash them. If you have a genuine gripe, that's one thing, but this is just stupid.

[zootm]

The activation tool is fine. Meh.

[xzxzzx]

Quote:

Originally posted by fc*uk
Lets face it, how many oppurtunities is this "tool" going to give hackers ways to break into your computer.

None.

[will]

I heard that you only need hijackthis to remove it.

[shakey_snake]

Quote:

Originally posted by xzxzzx
None.

Weeellll. If a computer is infected, the newer chunks of code are usually targeted by malware authors (because it isn't as weathered).

But,the point is still moot. Not adding "new chunks of code" is more dangerous.

[xzxzzx]

Quote:

Originally posted by shakey_snake
Weeellll. If a computer is infected, the newer chunks of code are usually targeted by malware authors (because it isn't as weathered).

But,the point is still moot. Not adding "new chunks of code" is more dangerous.

... I don't understand what you're saying.

[shakey_snake]

Malware likes to infect new code because it is less refined

[zootm]

WGA isn't an access point, it only connects outyways*. There's no possibility of vulnerability beyond that of an existing program.

* Neologism invented to avoid occurence of popular social networking site

[xzxzzx]

Quote:

Originally posted by shakey_snake
Malware likes to infect new code because it is less refined

The WGA program is not a multi-purpose tool. There's just so little area to attack. I'd rather try and find a hole in the actual windows kernel, and that's pretty damn difficult. (Windows has security problems, yes, but I've never heard of one in the actual kernel.)

Quote:

Originally posted by zootm
WGA isn't an access point, it only connects outyways*. There's no possibility of vulnerability beyond that of an existing program.

* Neologism invented to avoid occurence of popular social networking site

Technically, it normally gets installed as an ActiveX control, so there's some possability of another website exploiting it. If you're using IE.

And did you mean "outward"?

[zootm]

Quote:

Originally posted by xzxzzx
Technically, it normally gets installed as an ActiveX control, so there's some possability of another website exploiting it. If you're using IE.

To gain the privileges it already has? And there's a Firefox thing for it too, for what it's worth.

As you mention, if there is a vector, it is the smallest possible vector. And even then, I'm not convinced it'd have anything to gain from it.

As for the ******d thing, I was trying to make a joke

[xzxzzx]

Quote:

Originally posted by zootm
To gain the privileges it already has? And there's a Firefox thing for it too, for what it's worth.

That activeX control has all the privileges which the user has — that's a lot more than what a typical web page should have.

Quote:

Originally posted by zootm
As you mention, if there is a vector, it is the smallest possible vector. And even then, I'm not convinced it'd have anything to gain from it.

There is a vector (though it depends on what exactly you mean by "vector"), but it's so slight as to be dismissable. At worst, I would imagine it might be possible to reveal the user's windows key or something — but I highly doubt it's so badly designed that even that's possible.

Quote:

Originally posted by zootm
As for the ******d thing, I was trying to make a joke

Phff. You're missing the point! I made a link with "outwar" in it (I would've linked to the original site, but I don't really want to raise its google rank).

[zootm]

Quote:

Originally posted by xzxzzx
That activeX control has all the privileges which the user has — that's a lot more than what a typical web page should have.

Ah, touché.

[fc*uk]

.... and all of these comments assume that Gates gives a hoot about security problems in the OS to begin with. Given the number of current security flaws, it makes it very hard for me to believe that Microsoft even gives a rats ass.

[zootm]

Quote:

Originally posted by fc*uk
.... and all of these comments assume that Gates gives a hoot about security problems in the OS to begin with. Given the number of current security flaws, it makes it very hard for me to believe that Microsoft even gives a rats ass.

Other than architectural flaws, which they can't really fix any better than they did in SP2 until a new major version (Vista), there's not very many. And MS have a pretty good team and process for fixing them.

[mikm]

fc*uk: Do you use any Microsoft products? Office? Windows? If you do, stop using them. Vote with your wallet if you think Microsoft writes such poor software.

[zootm]

Yeah, try out Fedora Core 5, it's pretty swish. Or wait for Ubuntu Dapper Drake, which should be out in June. Plenty of alternatives if you want them.

[mikm]

Ubuntu is very nice. I'm seriously considering switching to it as my main desktop.

[Mattress]

I'm tempted.

[skryingbreath]

If it weren't for Photoshop not working on Linux and my network adapter not playing nice with it, I'd make the conversion. The live CDs are extremely usefull and pretty sexy.

[zootm]

Crossover Office, probably Wine too, can apparently install Photoshop.

That's not a good alternative to running it natively, or having a good photo manipulation utility availble for Linux, though.

[xzxzzx]

Quote:

Originally posted by zootm
Other than architectural flaws, which they can't really fix any better than they did in SP2 until a new major version (Vista), there's not very many. And MS have a pretty good team and process for fixing them.

We'll see how well MS does at fixing architectural flaws in Vista. I'll bet shatter attacks will still work, and that's a pretty huge flaw.

What's somewhat worrying is that Microsoft, with SP2, seems to have taken the stance that breaking the OS so that viruses can't distribute themselves as quickly is a good idea. It's stalled an application on my system at least once, that I know of... fortunately, I knew that SP2 made the "outgoing TCP handshakes" limit, and knew how to change the settings of my applications to avoid it, but the average user certainly wouldn't...

[zootm]

Quote:

Originally posted by xzxzzx
We'll see how well MS does at fixing architectural flaws in Vista. I'll bet shatter attacks will still work, and that's a pretty huge flaw.

I think that the "don't allow messages to pass between applications with different privileges" may be implemented, but I'm really not sure. Shatter attacks are weird, but you don't really see all that many of them for whatever reason.

I suppose if they fixed everything else we'd see a lot more

Quote:

Originally posted by xzxzzx
What's somewhat worrying is that Microsoft, with SP2, seems to have taken the stance that breaking the OS so that viruses can't distribute themselves as quickly is a good idea. It's stalled an application on my system at least once, that I know of... fortunately, I knew that SP2 made the "outgoing TCP handshakes" limit, and knew how to change the settings of my applications to avoid it, but the average user certainly wouldn't...

To be fair, if the app breaks under XP's built-in protection, it's not been well coded for XP. I'm pretty concious that you're an expert user, and this is a limit that I'm not sure anyone with less experience would actually experience the problem. I certainly haven't!

[MegaRock]

Please... this shit has already been hacked.

http://www.aviransplace.com/phpBB2/v...pic=79&forum=1

Did anyone really think MS could stop the hacking community?

[xzxzzx]

Quote:

Originally posted by zootm
I think that the "don't allow messages to pass between applications with different privileges" may be implemented, but I'm really not sure. Shatter attacks are weird, but you don't really see all that many of them for whatever reason.

I suppose if they fixed everything else we'd see a lot more

Ha. Could be.

Quote:

Originally posted by zootm
To be fair, if the app breaks under XP's built-in protection, it's not been well coded for XP. I'm pretty concious that you're an expert user, and this is a limit that I'm not sure anyone with less experience would actually experience the problem. I certainly haven't!

Actually, you probably have, you just haven't hit it in the same way I have (I hit it with 10 stalled connection attempts, which was very noticable — you've probably only hit it with 10 connection attempts, which only felt like a slowdown to you, if you noticed it at all). I'm very aware that I stress a machine more than an average user.

The limit is 10 concurrent outgoing TCP connection attempts — before SP2, many bittorrent clients would hit this by themselves (now they've been changed — they weren't poorly coded, as you assert, but relied upon the OS to be sane about outgoing connection attempts). There are, of course, many security tools which try to create many TCP connections which are inhibited by this "feature".

What's fun is that this "feature" opens up a whole way to DoS someone's machine if it has a program you can get to open 10 TCP connections to nowhere that'd respond.

Oh, and other crippling changes to the IP stack in Windows were introduced in SP2, like the inability to send (certain?) TCP packets over raw sockets... (these changes broke nmap in quite a few ways, but it's ok, nmap's just using raw ethernet frames now...)

And here we thought Windows' networking stack was getting better...

[zootm]

Heh, well the networking stack in Vista is completely new, for better or worse. As for:

Quote:

now they've been changed — they weren't poorly coded, as you assert, but relied upon the OS to be sane about outgoing connection attempts

Well, they were poorly coded for SP2. It's not like they couldn't have been fixed 6 months before the first version of SP2 was released, since there were developer betas available for free ages before. "Sane" is a relative term, though, there's several things inhibited by any operating system, just because of potential for abuse. I think that the whole "zombie" thing just went too far, and some way out had to be found.

If one can code around it for the functional uses, can these workarounds be used for the same attacks as the change was designed to fix? If not, it seems like a reasonable change to me.

Windows' biggest problem with its TCP/IP stack is that it's (shock, horror) standards-compliant. The standards have several large flaws, which impede the amount of data that can cross a TCP/IP connection (if you see a Linux machine beating records for server speed and so on, hacking the TCP/IP stack is commonly how it is done). Vista allegedly has a way around it without breaking the standards, but I believe it only works if both endpoints are running Vista. The documentation on it is well worth a read though, it's high class work. It's called CTCP (Compound maybe?) if I remember.

MS's security people, with the stuff in SP2, did seem to be attempting to get around the problems in their current setup as best they could, without breaking too much stuff. There aren't all that many non-malicious programs which frantically create outgoing TCP connections (BitTorrent, as you'll well know, is a hugely atypical protocol, and although BT is a lot of traffic on the internet, it's not nearly so many users inconvenienced on a percentage basis), and there's a hell of a lot of malicious ones. They seem to be going down the classic UNIX road of "functionality before correctness" these days, which may or may not work.

I've not directly played with networking in Vista (if there's one thing I find disinteresting, it's networking), however, so I can't say I know how it actually all goes together and stuff.

[xzxzzx]

Quote:

Originally posted by zootm
Well, they were poorly coded for SP2. It's not like they couldn't have been fixed 6 months before the first version of SP2 was released, since there were developer betas available for free ages before. "Sane" is a relative term, though, there's several things inhibited by any operating system, just because of potential for abuse. I think that the whole "zombie" thing just went too far, and some way out had to be found.

How about a firewall which actually monitored outbound connection attempts? Or a registry setting? Oh, I forgot... both of those things are easily gotten around because people are almost always running as "root". Hardcoding 10 into tcpip.sys is harder to get around... hopefully the virus won't just patch it.

Quote:

Originally posted by zootm
If one can code around it for the functional uses, can these workarounds be used for the same attacks as the change was designed to fix? If not, it seems like a reasonable change to me.

Of course they can, it's just harder.

Quote:

Originally posted by zootm
Windows' biggest problem with its TCP/IP stack is that it's (shock, horror) standards-compliant. The standards have several large flaws, which impede the amount of data that can cross a TCP/IP connection (if you see a Linux machine beating records for server speed and so on, hacking the TCP/IP stack is commonly how it is done). Vista allegedly has a way around it without breaking the standards, but I believe it only works if both endpoints are running Vista. The documentation on it is well worth a read though, it's high class work. It's called CTCP (Compound maybe?) if I remember.

I can't find anything revolutionary in the documentation I can find about the Windows Vista network stack — all the mentioned "new features" I saw are in Linux, originally in either the 2.4 or 2.2 kernels.

And from what I know of the TCP standards (admittedly not that much), there is a lot of room for things like, say, receive window tuning.

Quote:

Originally posted by zootm
MS's security people, with the stuff in SP2, did seem to be attempting to get around the problems in their current setup as best they could, without breaking too much stuff. There aren't all that many non-malicious programs which frantically create outgoing TCP connections (BitTorrent, as you'll well know, is a hugely atypical protocol, and although BT is a lot of traffic on the internet, it's not nearly so many users inconvenienced on a percentage basis), and there's a hell of a lot of malicious ones. They seem to be going down the classic UNIX road of "functionality before correctness" these days, which may or may not work.

See, zootm, the new SP2 networking stack is less functional, and less correct...

The malicious users will be inconvenienced (like they care much if they have to patch tcpip.sys... they don't have to worry about the stability of a machine, or upset users), while legitimate application developers have to do things like use raw Ethernet frames (and therefore build however much of a TCP stack they need themselves) to get around it. Microsoft is trying to stop car deaths by limiting how often people can get in a car...

[fc*uk]

Quote:

Originally posted by mikm
fc*uk: Do you use any Microsoft products? Office? Windows? If you do, stop using them. Vote with your wallet if you think Microsoft writes such poor software.

I stopped supporting Microsoft years ago. Generally, I run Libranet 2.8, which works out very nicely for me. However, I am only one person and Microsoft is not going to notice a huge hit in their pocket books just from me.

However, at work and when dealing with family, I still have to deal with Microsoft products. I also am sorry to say that I believe something else malicious is going on here with this genuine advantage tool; it simply smells funny to me.

Let me ask you this, isn't the true way to stop software piracy making software that is simply harder to hack/crack/whatever? One does not go about putting an end to this game via some software tool ... because, as MegaRock already found, it can just be hacked. However, one may choose to use a software tool if alterior motives are in place.

Need I really remind everyone that, for unknown reasons, Microsoft refused to reveal their source code to their products when a judge asked for it. Reason: it would allow people to copy our junk. Yeah, true it would, but a frickin judge asked for it and you refused (something also tells me that this said judge would not have taken the code and hopped on his favorite bittorrent client and given it to the masses either)!!!

Now 'what the hell are you trying to hide???' is the only question that is left in my mind --- maybe ya'll think this is normal, but I sure as hell do not. It seems to me that is MS were serious about this, they would use a really complicated hardware dongle and that would put an end to the majority of people pirating their stuff.

Just my 0.02....

[mikm]

Just because you refuse to reveal something doesn't mean you have anything to hide. I'd never let anyone gain access to my email or other files. That doesn't mean that I am trying to hide anything.

Is Apple just as bad for refusing to license their DRM code?

[fc*uk]

Quote:

Originally posted by mikm
Just because you refuse to reveal something doesn't mean you have anything to hide. I'd never let anyone gain access to my email or other files. That doesn't mean that I am trying to hide anything.

Yeah, but I would bet that if someone threw down a subpoena asking you to caugh it up, you probably would

[/B]

Quote:

Is Apple just as bad for refusing to license their DRM code? [/B]

Depends upon how you look at it. DRM is only used to protect music files .... so chances are on your side that noting funky is going on. However, when it is a whole OS and line of productivity products that could be doing anything ....

[zootm]

Quote:

Originally posted by xzxzzx
How about a firewall which actually monitored outbound connection attempts? Or a registry setting? Oh, I forgot... both of those things are easily gotten around because people are almost always running as "root".

Yeah, it's still Windows' biggest problem. Worth noting that there are things that the Administrator user can't do directly though, Windows has a ACL-based security system, so there's not really a concept of "root", other than to add every privilege to a user (which is almost, but not quite, what Administrator is).

It strikes me as terribly annoying that Windows has a pretty good user security system and it's turned off by default though.

Quote:

Originally posted by xzxzzx
I can't find anything revolutionary in the documentation I can find about the Windows Vista network stack — all the mentioned "new features" I saw are in Linux, originally in either the 2.4 or 2.2 kernels.

Compound TCP research paper. It's a really neat system, to increase the capacity without breaking TCP standards is a far more difficult problem than it seems.

Quote:

Originally posted by xzxzzx
And from what I know of the TCP standards (admittedly not that much), there is a lot of room for things like, say, receive window tuning.

They're not, to the best of my knowledge, the problem, though.

Quote:

Originally posted by xzxzzx
The malicious users will be inconvenienced (like they care much if they have to patch tcpip.sys... they don't have to worry about the stability of a machine, or upset users), while legitimate application developers have to do things like use raw Ethernet frames (and therefore build however much of a TCP stack they need themselves) to get around it. Microsoft is trying to stop car deaths by limiting how often people can get in a car...

Agreed. I was just happy they were finally trying something in functional avoidance.

[Mr_007]

Yeah really IE sucks at the microsoft softwares.

[xzxzzx]

Quote:

Originally posted by zootm
Yeah, it's still Windows' biggest problem. Worth noting that there are things that the Administrator user can't do directly though, Windows has a ACL-based security system, so there's not really a concept of "root", other than to add every privilege to a user (which is almost, but not quite, what Administrator is).

It's really close enough in most cases. If you've got Administrator, you can inject into a process running as SYSTEM.

Quote:

Originally posted by zootm
It strikes me as terribly annoying that Windows has a pretty good user security system and it's turned off by default though.

Hehehe...

Quote:

Originally posted by zootm
Compound TCP research paper. It's a really neat system, to increase the capacity without breaking TCP standards is a far more difficult problem than it seems.

That's all well and good, but it's really not that useful in the vast, vast majority of networks... the number of 1 Gbps networks with 100ms lag is very, very low (though admittedly does exist).

Incidentally, I am very annoyed at Windows' lack of sanity in giving "High" priority to explorer.exe; so setting permissions on a large folder causes your computer to crawl... (I was just doing that)

Quote:

Originally posted by zootm
They're not, to the best of my knowledge, the problem, though.

They're not the problem with high-speed, high-latency connections, no. "Normal" TCP/IP works quite well for the Internet, though.

Quote:

Originally posted by zootm
Agreed. I was just happy they were finally trying something in functional avoidance.

I'd rather they did nothing than this...

[edit]CTCP is interesting. I haven't gotten through much of the paper, but it really doesn't strike me as that revolutionary, to be honest. Useful, though.[/edit]

[edit]Specifically, BIC-TCP (effectively an alternative to CTCP) has been implemented as the default since, I think, Linux kernel 2.6.8.[/edit]

[zootm]

Quote:

Originally posted by xzxzzx
It's really close enough in most cases. If you've got Administrator, you can inject into a process running as SYSTEM.

The problem is that Windows has a good security system and it's just not set up to work. It's like the teams who implemented and deployed the system didn't talk to each other. Frustrating.

Quote:

Originally posted by xzxzzx
That's all well and good, but it's really not that useful in the vast, vast majority of networks... the number of 1 Gbps networks with 100ms lag is very, very low (though admittedly does exist).

I just thought it was neat. There's a few other things but I think they just bring it up to a more reasonable level.

Quote:

Originally posted by xzxzzx
Incidentally, I am very annoyed at Windows' lack of sanity in giving "High" priority to explorer.exe; so setting permissions on a large folder causes your computer to crawl... (I was just doing that)

Yes. Irritating. I've had similar problems with Nautilus but only on very slow machines.

Quote:

Originally posted by xzxzzx
I'd rather they did nothing than this...

Probably the sensible option.

Quote:

Originally posted by xzxzzx
[edit]CTCP is interesting. I haven't gotten through much of the paper, but it really doesn't strike me as that revolutionary, to be honest. Useful, though.[/edit]

More evolutionary than revolutionary, I think, yes.

Quote:

Originally posted by xzxzzx
[edit]Specifically, BIC-TCP (effectively an alternative to CTCP) has been implemented as the default since, I think, Linux kernel 2.6.8.[/edit]

BIC-TCP is actually one of the references in the CTCP paper . Apparently the good thing about CTCP is that it plays better with existing TCP networks (the specific problem they find with BIC-TCP is that it's "too aggressive" much of the time). This is what I meant about not breaking existing standards, which is really what the CTCP work was about (there are several equivalents to BIC, too, but they all have problems with traditional networks, which is why the CTCP thing came about).

BIC is very cool too though.

[xzxzzx]

Quote:

Originally posted by zootm
I just thought it was neat. There's a few other things but I think they just bring it up to a more reasonable level.

Well, CTCP sounds cool if it's as good as that paper makes it out to be, definately. It's just that the Internet and/or local networks won't really use it.

[zootm]

Well, the core internet won't use it, but to be fair there's not a hell of a lot of that running on Windows anyway. It's an interesting technology for where things seem to be going for clients and stuff.

[xzxzzx]

Quote:

Originally posted by zootm
Well, the core internet won't use it, but to be fair there's not a hell of a lot of that running on Windows anyway. It's an interesting technology for where things seem to be going for clients and stuff.

Well, the only time TCP fails is when you've got very high bandwidth with very high latency, *and* you want to use most of it for a single TCP stream... that just doesn't happen much on the Internet, though it'd be cool if it did.

/me wants 1 GB internet connection