The Issue of Illegal Software and Patching
In Omaha, NE (the quaint city in the middle of nowhere that I make my home), we have really only two claims to fame. We've got a really cool Air Force Base just south of the city, Offutt Air Force Base which is the home of STRATCOM. You might remember it - Offutt AFB is where President Bush went on 9/11/2001 to determine what the threat was and to confer over super secure, super secret communications equipment with his advisers,while sitting in the security of a bunker complex that would awe the general public beyond belief.
But, to many football (and non-football) fans Nebraska's real claim to fame is what is in a city just 45 minutes South West of Omaha - Lincoln, NE - Home of the University Of Nebraska at Lincoln, or just NU. Yeah, The Huskers, The Big Red. And, folks in Nebraska take the Big Red very seriously. In some cases, it's taken to an unhealthy obsession, but that's just my opinion. For goodness sakes - it's just a game played by a bunch of young 18 - 25 year old guys.
I do know one other thing - when you get a collection of 18 - 25 year old students together, away from home for the first time, lots of things are going to happen. One of those things will be something that seems so innocent, so trivial - they are going to find and steal software. IRC, alt.warez newsgroups, their buddy, mail order from Hong Kong - doesn't matter. Students typically don't have a lot of cash, and sometimes, once you're out from under the watchfully eyes of Mom and Dad - morals slip. Yes, I know that this is a shock to many of you (OK, unless you watched 'Animal House' - trust me - it's closer to the truth than you really want to know.....)
Many of the copies of Windows 2000, Windows XP, Windows Server 2003 that are in the dorms and off-campus apartments of the typical college student is not a 'legally obtained or rightfully owned' copy. This may come as a huge surprise, but students steal. And, they also share the wealth. But, this is not unique to Lincoln, NE. This is rampant across the country, and I dare say, is even more prevalent outside the United States.
I traveled to Japan on business a couple years ago and was able to make it to the Akihabara district of Tokyo. This area of the city is known as an electronic mecca where shops the size of a WalMart down to those the size of a closet co-exist. We're talking blocks and blocks of nothing but shops catering to the electronc and computing nerd and consumer. And, you can buy ANYTHING on any given day if you know who to ask. Illegal software is just a nudge, nudge wink, wink away. And cheap, too. $15 to $30 US is what I found typical for a copy of Windows 2000 Pro. Windows 2000 Server, $50 US. Granted - no warranty, no support, no return - all sales final, blah, blah.
By now, you're wondering what the heck is he getting at? Is there a point to all of this? Yes. There is. We know and are all very aware that Microsoft has been beating the drum for patching our systems: 'Get Secure, Stay Secure'. But, honestly - this only works if everyone does it, too. I can train a monkey to go to Windows Update and to get the latest and greatest updates, and security fixes. It's not hard - my 70 Year old Mom can handle this one (no comparison between you and the monkey here, Mom - honestly!).
But, are you aware that the illegal software from Windows XP and onward cannot go to Windows Update? Microsoft does 'blacklist' the illegal keys, and will not service a system that has not been properly activated via WPA (Windows Product Activation). Most illegal software has been circumvented in some manner that is not going to allow it to be properly activated - and those who steal it aren't interested in doing so anyway. Therein lies the crux - if you're blacklisted, no updates. If you don't activate, no updates. How many of these illegal systems are attached to the Internet, would you suppose? How many are attached to networks with fully compliant and legal netizens? How many are on your local cable segment with a clear shot at you once they are infected with Nachia, MSBlaster, or worse?
The counter-argument to this is - Microsoft has every right to protect their intellectual property and not allowing the software to be updated is one way to force users into compliance. In my opinion, I fully support the right to protect the property , but the whole argument doesn't hold water. If the illegal software is infected AND does damage to other systems, then who really gets hurt? The thief, or the law abiding citizen?
I said in one post, arguing this point, that I'm not willing to be the innocent bystander who gets hit in the forehead by a bullet in the war on piracy.
Anything that is going to apply a Security Patch must be allowed on all systems - legal or not. Make no mistake - I'm not advocating making it easy on thieves. I think they should be caught and prosecuted fully. And, that they should not be gaining any added function and feature through service pack or other enhancement. However, it's been a stated policy that there will be no added feature or function to Service Packs, but we'll see if that trend truly continues.
Microsoft, you lose nothing by allowing hot-fixes and security patches to be applied to illegal systems. You gain EVERYTHING in the public eye BY allowing patching of ALL systems. If the interest is to continue to look like the newer, kinder Microsoft is truly accurate, then this is a big step in the right direction. Your number one priority in the Security game must be to secure the current products. Your second, but a very parallel, goal must be to “Cause no harm”. Until you have all systems patched, you will cause harm by inaction. Can you really afford that?
Do the right thing - allow the patching of all systems, regardless of legal status. Protect your customers from those who steal from you. We're just the innocent by-standers.
Rick Kingslan
Microsoft MVP - Active Directory