Re: Windows Distro [summary]

[Micheal Cottingham <security () michealcottingham com>]

Javier Fernandez-Sanguino wrote:

> Eliah Kagan wrote:
>
> > Javier Fernandez-Sanguino wrote:
> >
> > > As for the Microsoft world, for one, have not seen any. The Windows
> > > EULA forbids this kind of stuff so I don't believe you'll find it,
> > > unless Microsoft himself develops a live-CD like or somebody risks
> > > legal action from Microsoft by putting up a live-CD version of its OS.
> >
> >
> >
> > Just a point of clarification here, the Windows EULA does not forbid
> > making a Windows LiveCD. If you make a Windows LiveCD and distribute
> > it, then that would violate the EULA and invite legal action from
> > Microsoft, just as if you distribute images of the Microsoft Windows
> > install disc, you're violating the EULA (or, if you haven't agreed to
> > the EULA, you're still violating Microsoft's copyright) and inviting
> > legal action from Microsoft.
>
>
> (...)
>
> This, and all the reasoning below is correct. Since the submitter
> requested information of Knoppix-like live-cds I just let him know
> that he will not find them available. You *can* make them through the
> use of Bart-PE like everybody else pointed out here, but you *cannot*
> distribute them. So, as a summary:
>
> Q1: ¿Can I find security-oriented Windows-based Live-CD images like
> Knoppix STD or Auditor out there?
>
> A: Not probable, if you do find them they are in violation of
> Microsoft's copyright and/or Windows' EULA. If you find any and use it
> you are violating those too.
>
> Q2: ¿Can I make a security-oriented Live-CD based in the Windows OS
> similar to Knoppix (which is Debian-based) or Auditor (which is
> Knoppix based)?
>
> A: Yes, you can use BartPE (http://www.nu2.nu/pebuilder/) or WinPE
> (http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx)
> for this. You will need a legal copy of the Windows install disks and
> will need a separate license for every Live-CD copy you make and wish
> to run simultaneously.
> There are also some limitations on what you can do, see
> http://www.nu2.nu/pebuilder/#legal
>
> Q3: ¿Can I distribute the security-oriented Live-CD I made with BartPE
> for others to use?
> A: No, see Q1
>
> HTH
>
> Javier
http://ubcd4win.com/ does offer a similar environment to Knoppix and
others, but you have to build it yourself. They give you everything you
need sans a valid Windows license and Windows install. I've used it
before, it is very nice. You just need to stream a licensed Windows to
the disk along with UBCD4Win. Directions are all there. What makes
UBCD4Win unique is they have already been through Microsoft's legal
department. The reason? Only the name, which was previously WinUBCD.
Otherwise, they had a green light.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------