Re: Who Owns Your PC? New Anti-Piracy Windows 7 Update "Phones Home" to Microsoft Every 90 Days

[David Farber <dave () farber net>]

Begin forwarded message:

From: Sid Karin <skarin () ucsd edu>
Date: February 14, 2010 12:20:59 AM EST
To: dave () farber net
Cc: <lauren () vortex com>lauren () vortex com
Subject: Re: [IP] Who Owns Your PC? New Anti-Piracy Windows 7 Update "Phones Home" to Microsoft Every 90 Days

Dave,

(For IP if you like.)

Isn't this just what OJ finally went to jail for?

What Lauren describes is electronic vigilantism and shouldn't
be any more acceptable (or legal) in the electronic world than
it is in the physical world.

        Cheers,

                ........Sid




> Begin forwarded message:
> > From: Lauren Weinstein <lauren () vortex com>
> > Date: February 11, 2010 12:05:09 PM EST
> > To: dave () farber net
> > Subject: Who Owns Your PC? New Anti-Piracy Windows 7 Update "Phones Home" to Microsoft Every 90 Days
> >
> >
> >           Who Owns Your PC? New Anti-Piracy Windows 7 Update
> >               "Phones Home" to Microsoft Every 90 Days
> >
> >            ( http://lauren.vortex.com/archive/000681.html )
> >
> >
> > Greetings.  Sometimes a seemingly small software update can usher in a
> > whole new world.  When Microsoft shortly pushes out a Windows 7 update
> > with the reportedly innocuous title "Update for Microsoft Windows
> > (KB71033)" -- it will be taking your Windows 7 system where it has
> > never been before.
> >
> > And it may not be a place where you want to go.
> >
> > Imagine that you're sitting quietly in your living-room at your PC,
> > perhaps watching YouTube.  Suddenly, a pair of big, burly guys barge
> > into your house and demand that you let them check your computer to
> > make sure that it's "genuine" and not running pirated software.  You
> > protest that you bought it fair and square, but they're insistent --
> > so you give in and let them proceed.
> >
> > Even though you insist that you bought your laptop from the retail
> > computer store down the street many months ago, and didn't install any
> > pirate software, the visitors declare that your computer "isn't
> > genuine" according to their latest pirated systems lists, and they say
> > that "while we'll let you keep using it, we're modified your system so
> > that it will constantly nag in your face until you pay up for a legit
> > system!"  And they head out the door to drop in on the eBay-loving
> > grandmother next door.
> >
> > You then notice that the wallpaper on your PC has turned black, and
> > these strange notifications keep popping up urging you to "come
> > clean."
> >
> > Ridiculous?  Well, uh, actually no.
> >
> > Microsoft most definitely has a valid interest in fighting the piracy
> > of their products.  It's a serious problem, with negative ramifications
> > for Microsoft and its users.
> >
> > But in my opinion, Microsoft is about to embark on a dramatic
> > escalation of anti-piracy efforts that many consumers are likely to
> > consider to be a serious and unwanted intrusion at the very least.
> >
> > It's important for you to understand what Microsoft is going to do,
> > what your options are, and why I am very concerned about their plans.
> >
> > Back in June 2006, in a series of postings, I revealed how Microsoft
> > was performing unannounced "phone home" operations over the Internet
> > as part of their Windows Genuine Advantage authentication system for
> > Windows XP.  (The last in that series of postings, which describes
> > Microsoft's reaction to the resulting controversy is here:
> > http://lauren.vortex.com/archive/000184.html ).  The surrounding
> > circumstances even spawned a lawsuit against Microsoft, which
> > coincidentally was recently dismissed by a judge.
> >
> > But Microsoft has continued to push the anti-piracy envelope, now
> > under the name Windows Activation Technologies (WAT).
> >
> > This time around, to the company's credit (and many thanks to them for
> > this!) Microsoft reached out to me starting several months ago for
> > briefings and discussion about their plans for a major new WAT
> > thrust -- on the basis, to which I agreed, that I not discuss it
> > publicly until now.
> >
> > The release of Windows 7 "Update for Microsoft Windows (KB71033)" will
> > change the current activation and anti-piracy behavior of Windows 7 by
> > triggering automatic "phone home" operations over the Internet to
> > Microsoft servers, typically for now at intervals of around 90 days.
> >
> > The purpose?  To verify that you're not running a pirated copy of
> > Windows, and to take various actions changing the behavior of your PC
> > if the WAT system believes that you are not now properly authenticated
> > and "genuine" -- even if up to that point in time it had been
> > declaring you to be A-OK.
> >
> > Note that I'm not talking about the one-time activation that you (or
> > your PC manufacturer) performs on new Windows systems to authenticate
> > them to Microsoft initially.  I'm talking a procedure that would
> > "check-in" your system with Microsoft at quarterly intervals, and that
> > could take actions to significantly change your "user experience"
> > whenever the authentication regime declares you to have fallen from
> > grace.
> >
> > These automatic queries will repeatedly -- apparently for as long as
> > Windows is installed -- validate your Windows 7 system against
> > Microsoft's latest database of pirated system signatures (currently
> > including more than 70 activation exploits known to Microsoft).
> >
> > If your system matches -- again even if up to that time (which could
> > be months or even years since you obtained the system) it had been
> > declared to be genuine -- then your system will be "downgraded" to
> > "non-genuine" status until you take steps to obtain what Microsoft
> > considers to be an authentic, validated, Windows 7 license.  In some
> > cases you might be able to get this for free if you can convince
> > Microsoft that you were the victim of a scam -- but you'll have to
> > show them proof.  Otherwise, you'll need to pull out your wallet.
> >
> > I'm told that the KB71033 update (this is the KB number provided to
> > me, if it changes I'll let you know!) is scheduled to deploy to the
> > manual downloading "Genuine Microsoft Software" site
> > ( http://www.microsoft.com/genuine ) on February 16, and start
> > pushing out automatically through the Windows Update environment
> > around February 23.  
> >
> > The update will reportedly be tagged simply as an "Important" update.
> > This means that if you use the Windows Update system, the update will
> > be installed to your Windows 7 PC based on whatever settings you
> > currently have engaged for that level of update -- it will not
> > otherwise ask for specific permission to proceed with installation.
> >
> > If your Windows Update settings are such that you manually install
> > updates, you can choose to decline this particular update and you can
> > also uninstall it later after installation -- without any negative
> > effects per se.  But don't assume that this will always "turn back the
> > clock" in terms of the update's effects.  More on this below.
> >
> > Also, reportedly if the 90-day interval WAT piracy checking system
> > "calls" are unable to connect to the Microsoft servers (or even if
> > they are manually blocked from connecting, e.g. by firewall policies)
> > there will reportedly be no ill effects.
> >
> > However -- and this is very important -- if the update is installed
> > and the authentication system then (after connecting with the
> > associated Microsoft authentication servers at any point) decides that
> > your system is not genuine, the "downgrading" that occurs will not be
> > reversible by uninstalling the update afterward.
> >
> > The WAT authentication system also includes various other features,
> > such as the ability to automatically replace authentication/license
> > related code on PCs if it decides that the official code has been
> > tampered with (Microsoft rather euphemistically calls this procedure
> > "self heal").
> >
> > I've mentioned that Windows 7 systems will be "downgraded" to
> > "non-genuine" status if they're flagged as suspected pirates.  What
> > does this mean?
> >
> > Essentially, they'll behave the same way they would if they had failed
> > to be authenticated and activated initially within the grace period
> > after purchase.
> >
> > Downgraded systems will still function much as usual fundamentally,
> > but there will be some very significant (and very annoying) changes if
> > your system has been designated non-genuine.
> >
> > The background wallpaper will change to black.  You can set it back
> > to whatever you want, but once an hour or so it will reset again to black.
> >
> > Various "nag" notifications will appear at intervals to "remind" you
> > that your system has been tagged as a likely pirate and offering you
> > the opportunity to "come clean" -- becoming authorized and
> > legitimate by buying a new Windows 7 license.  Some of these nags will
> > be windows that appear at boot or login time, others will appear
> > frequently (perhaps every 20 minutes or so) as main screen windows and
> > taskbar popup notices.
> >
> > Systems that are considered to be non-genuine also have only limited
> > access to other Microsoft updates of any kind (e.g., access to high
> > priority security updates, but not anything else, may be permitted).
> >
> > And of course, under the new WAT regime you run the risk of being
> > downgraded into this position at any time during the life of
> > your PC.
> >
> > In response to my specific queries about how downgraded systems
> > (particularly unattended systems) would behave vis-a-vis existing
> > application environments, Microsoft has said that they have taken
> > considerable effort to avoid having the downgrade "nag system"
> > interfere with the actual running of other applications, including
> > stealing of windows' focus.  It remains to be seen how well this
> > aspect turns out in practice.
> >
> > All of this brings us to a very basic question.  Why would any PC
> > owner -- honest or pirate -- voluntarily participate in such a
> > continuing "phone home" authentication regime?
> >
> > Obviously, knowledgeable pirates will avoid the whole thing
> > like the plague any way that they can.
> >
> > Microsoft's view, as explained to me and as primarily emphasized in
> > a blog posting that will appear today announcing the WAT changes
> > ( http://windowsteamblog.com ), is that honest Windows 7 users will
> > want to know if their systems are running unauthentic copies of the
> > operating system, since (Microsoft asserts and indeed is the case)
> > those systems are have a significant likelihood of also containing
> > dangerous viruses or other potentially damaging illicit software that
> > "ride" onto the PC along with the unauthentic copy of the OS.
> >
> > But even if we assume that there's a noteworthy risk of infections on
> > systems running pirated copies of Windows 7, the approach that
> > Microsoft is now taking doesn't seem to make sense even for honest
> > consumers.  
> >
> > If Microsoft's main concern were really just notifying users about
> > "contaminated" systems, they could do so without triggering the
> > non-genuine downgrading process and demands that the user purchase a
> > new license (demands that will be extremely confusing to many users).
> >
> > As I originally discussed in "How Innocents Can Be Penalized by
> > Windows Genuine Advantage"
> > ( http://lauren.vortex.com/archive/000181.html ), it's far more common
> > than many people realize for completely innocent users to be running
> > perfectly usable -- but not formally authenticated -- copies of Windows
> > Operating Systems through no fault whatever of their own.
> >
> > OK, let's review where we stand.
> >
> > The new Microsoft WAT regime relies upon a series of autonomous
> > "cradle to grave" authentication verification connections to a central
> > and ever-expanding Microsoft piracy signature database, even in the
> > absence of major hardware changes or other significant configuration
> > alterations that might otherwise cause the OS or local applications to
> > query the user for explicit permission to reauthenticate.
> >
> > Microsoft will trigger forced downgrading to non-genuine status if
> > they believe a Windows 7 system is potentially pirated based on their
> > "phone home" checks that will occur at (for now) 90 day intervals
> > during the entire life of Windows 7 on a given PC, even months or
> > years after purchase.
> >
> > That Microsoft has serious piracy problems, and has "limited" the PC
> > downgrading process to black wallpaper, repeating nagging at users,
> > and extremely constrained update access isn't the key point.  Nor is
> > the ostensibly "voluntary" nature of the update triggering these
> > capabilities (I say ostensibly since almost certainly most users will
> > have the update installed automatically and won't even realize what it
> > means at the time).
> >
> > The new Microsoft WAT update and its associated actions represent
> > unacceptable intrusions into the usability of consumer products
> > potentially long after the products have been purchased and have been
> > previously declared to be genuine.
> >
> > Microsoft is not entirely alone in such moves.  For example, a major
> > PC game manufacturer has apparently announced that their games will
> > soon no longer run at all if you don't have an Internet connection to
> > allow them to authenticate at each run.
> >
> > Still, games and other applications are one thing, operating systems
> > are something else altogether.  And regardless of whether we're
> > talking about games or Windows 7, it's unacceptable for consumers to
> > be permanently shackled to manufacturers via lifetime authentication
> > regimes -- particularly ones that can easily impact innocent parties
> > -- that can degrade their ability to use the products that they've
> > purchased in many cases months or even years earlier.
> >
> > Fundamentally, for Microsoft to assert that they have the right to
> > treat ordinary PC-using consumers in this manner -- declaring their
> > systems to be non-genuine and downgrading them at any time -- is
> > rather staggering.
> >
> > Make no mistake about it, fighting software piracy is indeed
> > important, but Microsoft seems to have lost touch with a vast swath of
> > their loyal and honest users if the firm actually believes their new
> > WAT anti-piracy monitoring system is an acceptable policy model.
> >
> > My recommendations to persons who currently run or plan to run Windows 7
> > are simplicity themselves.
> >
> > I recommend that you strongly consider rejecting the manual
> > installation of the Windows Activation Technologies update KB71033,
> > and do not permit Windows Update to install it (this will require that
> > you not have your PC configured in update automatic installation mode,
> > which has other ramifications -- so you may wish to consult a
> > knowledgeable associate if you're not familiar with Windows Update
> > configuration issues).
> >
> > And if at some point in the future you find that the update has been
> > installed and your PC is still running normally, remove the update
> > as soon as possible.
> >
> > While I certainly appreciate Microsoft's piracy problems, and the
> > negative impact that these have both on the company and consumers, I
> > believe that the approach represented by this kind of escalation on
> > the part of Microsoft and others -- into what basically amounts to a
> > perpetual anti-piracy surveillance regime embedded within already
> > purchased consumer equipment -- is entirely unacceptable.
> >
> > --Lauren--
> > Lauren Weinstein
> > lauren () vortex com
> > Tel: +1 (818) 225-2800
> > http://www.pfir.org/lauren
> > Co-Founder, PFIR
> >   - People For Internet Responsibility - http://www.pfir.org
> > Co-Founder, NNSquad
> >   - Network Neutrality Squad - http://www.nnsquad.org
> > Founder, GCTIP - Global Coalition
> >   for Transparent Internet Performance - http://www.gctip.org
> > Founder, PRIVACY Forum - http://www.vortex.com
> > Member, ACM Committee on Computers and Public Policy
> > Lauren's Blog: http://lauren.vortex.com
> > Twitter: https://twitter.com/laurenweinstein
> Archives  


-- 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     Sidney Karin, Ph.D., P.E.        858-534-5075 (voice)
                                          858-755-5199 (fax)
                                              skarin () ucsd edu 
                                      
     Professor Emeritus,
     Department of Computer Science and Engineering
     Director Emeritus,
     San Diego Supercomputer Center
     University of California, San Diego                     
     9500 Gilman Drive                          
     La Jolla,  CA  92093-0505  

                       




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com