Posted by: petteri
Windows update now needs a "key" for updates - 26/07/2005 23:18
Microsoft is now requiring a "key" be placed on all PCs running XP or 2000 for updates to be downloaded. Security updates are excluded from this program.
http://seattletimes.nwsource.com/html/businesstechnology/2002402071_microsoft26.htmlIs this really nessary? I'm thinking more and more about trying out Linux again...
Posted by: RobotCaleb
Re: Windows update now needs a "key" for updates - 26/07/2005 23:27
Am I to take it that you don't own your copy of Windows?
Posted by: petteri
Re: Windows update now needs a "key" for updates - 26/07/2005 23:47
I do own my copies, four of them. But why do I need to "prove" this over and over?
Posted by: andy
Re: Windows update now needs a "key" for updates - 27/07/2005 02:39
This has been somewhat badly reported.
While I'm not a fan of product activation systems generally, this isn't some huge onerous new requirement. All this involves is a single extra step during downloading Windows components, where an ActiveX control is loaded in the browser (which presumably means you need to be using IE) which checks that your copy of Windows is correctly activated.
It doesn't involve the user entering any new details and it doesn't apply to security updates.
Thankfully the validation happens during download rather than during install. If they move the validation to the install point in the future then that really will become a pain.
Posted by: petteri
Re: Windows update now needs a "key" for updates - 27/07/2005 10:21
I perhaps got a bit carried away with this. I don't know. Perhaps this is something they should have done ages ago... Are there that many "pirated" copies of XP out there?
Does this ActiveX control open up yet more security holes? Could some more unsavory types exploit this "key" somehow? What happens if the "key" is lost?
Posted by: andy
Re: Windows update now needs a "key" for updates - 27/07/2005 10:41
The key can't be lost as such, it is generated from various bits of information unique to your PC (network card MAC address, drive serial numbers etc).
What can happen is that if you change lots of bits of hardware all at once the key can change enough so that you need to re-activate your copy of Windows (which involves phoning Microsoft, giving them your product key and new hardware key).
The ActiveX control could be seen as a minor problem. Some people might choose to turn off lots of ActiveX support in IE to increase security, if they did then they wouldn't be able to download the various Windows addons that now require validation. If that is the case then the relevant Microrsoft site can temporarily be added to IE's trusted zone and the approriate permissions set for the ActiveX control to work.
Just like any other ActiveX control it could have a security hole of some sort that hasn't been found yet.
And yes, there are lots of pirated copies of WinXP out there.
P.S. Yes, I know the hardware key doesn't work quite as I explained, but that is close enough for this discussion
Posted by: drakino
Re: Windows update now needs a "key" for updates - 27/07/2005 16:03
Anyone know an actual download on the website outside of Windows Update that is requiring this? I was poking around on the site and could still download some XP specific things fine via Safari on my OS X box.
My biggest concern if they do lock this down is being able to download patches for people not on broadband connections. I have frequently grabbed the bigger patches needed for XP to then take via USB storage to my mothers laptop, or to use at work on multiple machines. Somehow, I expect a workaround to all this, one Microsoft provides for all the IT support people out there. 3rd parties have reportedly already worked around it anyhow.
Posted by: Dignan
Re: Windows update now needs a "key" for updates - 27/07/2005 18:50
Yeah, I've put that Spyware tool on several people's PCs (the ones who I know won't run Adaware on regular intervals). Now that I know they've been merely testing it out, I'm not confused anymore. I was wondering why they were giving you the option to validate, when it was a lot easier, even if you had a legit copy, to simply skip it.
That's the part that bugs me. Have any of you gone through this process? It's a mess of ActiveX controls which first get blocked by MS's own new IE toolbar. Once you allow them, you've got to go through a slew of screens, all of which merely amount to clicking "Next." And then you see if you get validated (it's so nice to get some validation now and then).
But previously, if you didn't want to do that, the steps were "Do you want to validate" "No" "OK, click here to download."
Posted by: Ezekiel
Re: Windows update now needs a "key" for updates - 27/07/2005 20:35
So I have to ask: what's preventing anyone from setting up a home SUS/WUS server (redundant, I know) and just using that to update their local/pirated XP/2k machines? Or are they just relying on the fact that most people have no idea you can do this?
-Zeke
ps: SUS/WUS servers are 'System Update Servers' or 'Windows Update Servers' - a W2k server or W2.3k servers running a service which downloads and approves all Windows service packs for a LAN/Domain. That way, if you have say, 20 XP machines, they don't all need to download the patches, it happens once then is deployed via Group Policy rules in your domain.
Posted by: FireFox31
Re: Windows update now needs a "key" for updates - 27/07/2005 23:47
Or simply download the free HFNetChk Windows version which can download every Windows (system) patch in existance and cache them locally for deployment at any time. If I'm not mistaken, there are tons of patch management programs which can download the patches and install them for you.
And as often as possible, I don't validate my the many many legitimate copies of Windows which I manage. Oh well, it'll catch up to me some day.
Posted by: drakino
Re: Windows update now needs a "key" for updates - 28/07/2005 04:51
Ok, any links using the valadation fail to be bypassed on Safari. It goes to a page that looks like it is designed for non ActiveX browsers (at least they are doing this) and has you download an exe called "GenuineCheck.exe". The instructions ask you to run it, and put the code it returns in a form post box to then have validated. Putting the code generated from a Windows box here into Safari seemed to work, but it's annoyning to have to do now.
Posted by: cushman
Re: Windows update now needs a "key" for updates - 28/07/2005 14:49
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
From
Boing BoingAlthough I don't know how long this will last.
Posted by: andy
Re: Windows update now needs a "key" for updates - 29/07/2005 15:31
Posted by: ninti
Re: Windows update now needs a "key" for updates - 29/07/2005 18:40
And in a move that should surprise no one, it has already
been cracked.