Microsoft Genuine Advantage Cracked in 24 Hours

jrobie writes "It looks like mandatory validation of your Windows XP license is now voluntary again. A simple hack has been found that disables the check. BoingBoing has the story. "

I can't believe I was actually worried about this.

[TripMaster Monkey]

A simple hack has been found that disables the check.

It's simple, all right...as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation. Sheesh.

Re:I can't believe I was actually worried about th

[Zzesers92]

the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.

In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack).

Re:I can't believe I was actually worried about th

[aicrules]

You are quite correct. They're not targetting the people who download it off of a warez site. They're hoping to get the people who bought a copy that looked real with a manual and all that.

Re:I can't believe I was actually worried about th

[Anonymous Coward]

They aren't actually punishing those people either. In the case where you unknowingly purchased an unlicensed copy of XP, they're giving you a free one if you can provide documentation. From a previous article posted here:

"Customers who discover they have a counterfeit copy of Windows will either be given a free version of the operating system or can purchase it for a discounted price, he said.

To get the free version of Windows, a customer must fill out a counterfeit report identifying the source of the software, provide a proof of purchase and send in a counterfeit CD of the software. If customers don't have all of that information, they can still fill out a counterfeit report and receive a copy of Windows XP Home Edition for $99 or a copy of Windows XP Professional Edition for $149, Lazar said."

So looks like even if you dealt in a shady off-the-truck operation, you would still be eliglble for OEM pricing.

Re:I can't believe I was actually worried about th

[Adversive]

It's good for Microsoft because they now know exactly who and where the shady dealer is and can go after him.

This policy wasn't intended to fight P2P piracy (not directly anyway).

Re:I can't believe I was actually worried about th

[InvalidError]

This is probably one of the more briliant ideas from M$ in a long time: consumers who get/got screwed by their OEM can trade evidence that their OEM is shifting fraudulent copies of M$ software for legit copies.

1) Let OEMs shift fraudulent copies
2) Get the customers to seek relief from said fraud
3) Collect evidence against OEM
4) Go after said OEM's pockets
5) Profit (fraud + copyright infringement + etc. = most likely more than enough to cover legal costs)

Re:I can't believe I was actually worried about th

[Sancho]

If the unknowning "customers" with a whitebox setup from an unscrupulous dealer didn't actually purchase Windows, then they aren't Microsoft's customers, are they?

Re:I can't believe I was actually worried about th

[Sancho]

All of your analogies are flawed.

If you buy a vacuum cleaner, you expect a working belt to come with it.

But people who buy an open-box vacuum off the back of a truck and discover that there is no belt probably aren't going to complain to the vacuum maker. And if they do, the vacuum maker is going to laugh in their face.
Without the CoA, a Windows license/installation is no better than a vacuum cleaner bought off the back of a truck.

You buy a fax machine, you expect a reasonable amount of toner to come with

Re:I can't believe I was actually worried about th

[jericho4.0]

It's unknown in the small town I live in now, but I saw lots of sketchy software in Vancouver.

Re:I can't believe I was actually worried about th

[gartogg]

I'm abroad, in Israel; I RARELY see a legal copy of Windows; no-one has a CD, and it "just came on the computer" they bought from a local, small company that puts computers together.

They aren't targeting the tech savvy people you happen to know, that's all.

Re:I can't believe I was actually worried about th

[shark72]

"In a cost comparison, they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version to purchase outweighed trying to lock out people who knowingly run a pirated copy (i.e., people who will use this hack)."

Thank you for pointing that out -- it's a concept that's lost on many people. It's a bit like the locks that come on your car: they probably won't hinder that professional thief who wants your car, but they'll stop the amateurs.

Re:I can't believe I was actually worried about th

[nine-times]

Well, of course no security is unbreakable. The idea is usually:

1. to prevent people who have no idea what they're doing from being able to break in
2. to make the break-in appear dangerous enough that a large portion of those who could break in are too afraid to try.

Now, maybe some security measures will make it really hard for even those with quite a lot of expertise, but that's pretty rare. Most locks/alarms rely on fear and a lack of expertise, and that's pretty effective.

Re:I can't believe I was actually worried about th

[shmlco]

Actually, the main idea is to delay access. The harder it is and the longer it takes, the more likely it is that the perp will be noticed. Hopefully, they'll give up and go elsewhere rather than stand there and increase their chances of getting caught.

Re:I can't believe I was actually worried about th

[ChuckleBug]

There's another reason for locks and alarms: To make your car (or whatever) more of a pain to steal than the next guy's. It's like the joke about the campers who hear a grizzly bear coming. One starts putting on his running shoes. The other says, "What are you doing? You can't outrun a bear!" The reply: "I don't have to outrun the bear. I just have to outrun you."

Re:I can't believe I was actually worried about th

[telstar]

Actually if you need to use the car comparison, a better representation would be this: It won't stop the professional car thief, but it will stop the person who unknowingly walks up to the wronng car in the parking lot and expects to be able to unlock the door and drive away.

Many, many people have bought pre-built PCs with Windows loaded on it by a PC builder that was pirating Windows to his heart's content They just have no idea it's not legit.

Who wouldn't know ?

[Simonetta]

they probably figured a cheap, easy means to get people who otherwise did not know they had a pirated version...

I don't believe that there are many people who don't know that they are using a "quote" pirated "unquote" version of Windows. In the USA, it is extremely rare for unregistered versions of Windows to be used in Offices. And most people who buy PCs 'ready-to-operate' will have the Windows license included at a vastly reduced bulk price. People who build their own PC from components

Re:Who wouldn't know ?

[cdrguru]

Easy - low-end Internet retailers ship PCs without a valid copy of Windows all the time. Yes, I got one and the sales receipt says I was charged for Windows XP. The product code that was pre-set when it was loaded on the machine had already been registered with Microsoft and no COA or anything else came with the machine.

It was not a valid copy of Windows.

I turned them in to Microsoft after they were completely unresponsive to email and a phone call. What do you know - a few days later I got a package from UPS that they shipped out the day I called Microsoft.

Windows is not so cheap to the OEM that they aren't above sneaking one past Microsoft every chance they get. Illegal and immoral? Sure, but it is Microsoft they are ripping off, so most people aren't going to care.

Re:I can't believe I was actually worried about th

[daxomatic]

well,

hahahahaha
after reading this http://www.google.com/search?hl=en&lr=&q=new+windo ws+Vista&btnG=Search [google.com]
Introducing Windows Vista(TM). It enables a new level of confidence in your PC and
in your ability to get the most out of it

LOL
ROFL
hahahahaha
etc ect

Re:I can't believe I was actually worried about th

[Monkelectric]

The original text of that site read:

Introducing Windows Vista(TM). It enables a new level of confidence in your PC and in your ability to get the most out of *YOU*.

Re:I can't believe I was actually worried about th

[AKAImBatman]

as simple as the kids over at Microsoft who decided to implement an anti-piracy measure utilizing javascript without any input validation.

You mean I don't even have to hold down the Shift key? ;-)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I can't believe I was actually worried about th

[EnVisiCrypt]

I know this was tongue-in-cheek, but since it's all client side, they have no way of flagging anybody as far as I can tell.

Anybody know differently?

Re:I can't believe I was actually worried about th

[Excelsior]

since it's all client side, they have no way of flagging anybody as far as I can tell.

Not necessarily. Client-side Javascript code can write to a cookie, and the server can read that cookie on subsequent submits. The client side Javascript can even communicate the cookie to the server using the XMLHTTPRequest object, or with an iframe, eliminating the need for a subsequent user-initiated request.

Not that I expect them to go to all this trouble, and I'm definitely not saying that they are doing that now. I'm just saying it is theoretically possible.

Re:Simpsons flashback

[Anonymous Coward]

most likely...considering that's Nelson's trademark.

bwahahah

[1336.5]

Quality programming I tell you. Quality!

Re:bwahahah

[MightyMartian]

Balmer: "What are you going to do tonight, Brain?"

Gates: "Same thing we do every night, Stinky. TRY TO TAKE OVER THE WORLD!"

It works... for now

[gbulmash]

Just tried it and it works (after Microsoft forced me to download the Genuine Advantage update).

Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update, so I believe this is only a temporary reprieve. I guess it will be a back and forth between MS and and hackers until MS has secured Genuine Advantage.

I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support. I paid for this and I shouldn't have to keep wasting my time to soothe their paranoid brows.

Just another reason to keep trying new Linux distros and updates on my testbed system until I find one I like enough to switch (tried so far: Ubuntu, SuSE, CentOS 3.3, Linspire, Knoppix, Mandrake 10). Already using OpenOffice, Firefox, and Thunderbird and have a WAMP (Windows, Apache, MySQL, PHP) set-up for development work. Going to Linux is a small step, but there are a few apps (like video editing, graphics editing) where I just don't have the patience to spend a whole bunch of time learning Linux apps that are 'almost' there in terms of their UI. Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

- Greg

Re:

[account_deleted]

Comment removed based on user account deletion

Re:It works... for now

[cavemanf16]

I agree with previous poster on VirtualDub, and I would add that you just need to give The Gimp a while to get used to its interface. I finally have, and it does everything I ever needed Photoshop for in the past. Unfortunately, I also play lots of video games like HL2/CS:S and Civ3 which are only available on Windows right now. Unfortunately, maintaining a video gaming machine on Linux is tricky at best - video drivers and other hardware stuff just isn't as easy to use in Linux as it is in Windows.

Re:It works... for now

[Compholio]

Maybe I'll hit the Crossover Office site to see if they've gone to gold level support on some of my must-have Windows apps yet.

I would recommend trying WINE (Crossover Office is a spinoff of WINE) first since it is free. What I'd like to see is for WINE to start providing a "Windows Alternative Update" where they provide all the DLLs they've been reverse engineering as an alternative update for the Windows 2000 users that are about to get screwed.

Re:It works... for now

[RetroGeek]

I've got a licensed, genuine version of Windows, but F them for making me jump through hoops to receive continued support.

An interesting view point, which is quite pervasive.

So why should you get free continued support?

Now, if you had paid a maintenance fee (quarterly, yearly, ..), then you would of course get updates for the life of the maintenance contract.

But free?

You could of course argue that the company has a moral obligation to provide updates, and in fact it makes good Public Relations sense to prov

Re:It works... for now

[gbulmash]

An interesting view point, which is quite pervasive.

So why should you get free continued support?

Now, if you had paid a maintenance fee (quarterly, yearly, ..), then you would of course get updates for the life of the maintenance contract.

But free?

It's supposed to be free because that's how Microsoft has done it. If they want to change it, change it. But define that change clearly and prominently at the time of sale.

Lots of smaller software companies sell you A & B & C packages:

• A: Software only
• B: Software + updates for X period
• C: Software + updates for X period + plus priority/personal support.

If Microsoft wants to follow that model, fine. Do it... on all new copies of XP they've sold. But for the prior ones, stop adding hoops and checks to make sure I paid. I bought it, I installed it, activated it, I've done enough to qualify for my updates.

- Greg

Re:It works... for now

[Sancho]

Luckily, security fixes are currently exempt from the Windows Genuine blahblahblah requirement.

Re:It works... for now

[QMO]

"You could of course argue that the company has a moral obligation to provide updates, and in fact it makes good Public Relations sense to provide free fixes for broken software, but they are really not obligated to."

If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

In most industries, anyone who doesn't follow that rule goes out of business very quickly.

I think that we are just used to software being an exception.

Re:It works... for now

[mcrbids]

If I buy a Television (OR motherboard, hard drive, child's car seat, shingles for the roof, combine for the wheat harvest, CNC press brake for the machine shop, etc.) that doesn't work I can get my money back.

If it works when I get it, I use it correctly, and it breaks in a short period of time (because of a hidden weakness in the product) I get it fixed for free.

In most industries, anyone who doesn't follow that rule goes out of business very quickly.

I think that we are just used to software being an exception.

Which is, of course, silly. When's the last time you turned in a stolen car for a recall/repair? When you do, they'll look up the VIN (Vehicle Identification Number) and make sure that you're legally entitled to the free repair.

Microsoft is doing the same thing, here. Bitch all you want to, but your license number is effectively the "VIN" for your software. Why shouldn't they have some reasonable means to check it?

Prediction

[Spy der Mann]

Sadly, Microsoft will issue a new version of Genuine Advantage that disables the hack and make you use the new version before you can use Microsoft update

To appear tomorrow on Slashdot:

javascript:void(window.g_sWGACheckVersion='2.0')

Re:It works... for now

[Alan]

The irony of course is that because of security concerns, MS has been saying that to be safe don't run exe's off the net and disable activeX, and to ensure security, they're making you run exe's off the net and use ActiveX.

How long before someone creates a phishing site that lets people download a 'genuinewindows.exe' that's not so genuine?

But

[QMO]

If they come from Microsoft, they're OK. Microsoft is trustworthy.

Re:It works... for now

[Ingolfke]

MS has been saying that to be safe don't run exe's off the net and disable activeX,

Microsoft has been saying don't run unknown EXEs and ActiveX controls. They do sign all of their controls so for those of us who check before we run something we can validate that they're actually from Microsoft or some other trusted party before we run the app/control.

Re:It works... for now

[Anonymous Coward]

Perhaps you dont remember when a Microsoft SSL certificate was issued to a non-MS person years ago. Just because something claims Microsoft created some Active-X control does not mean they really did. Nothing is foolproof.

Microsoft's channelling Dennis Farina...

[RoadWarriorX]

"Hey, it's OK. We're authorized."

Re:It works... for now

[robertjw]

Jump through hoops? I was verified in under thirty seconds with two clicks,

Just because you are a fast jumper doesn't mean it wasn't a hoop.

Re:video editing on Linux

[gbulmash]

You must have missed this.....

All well and good if I want to make the sequel to "Sky Captain", but not quite the simplicity of Premiere Elements.

- Greg

Great!

[Luscious868]

Let's post it on Slashdot for all to see so Microsoft will find out about it and make it harder to get around!

Re:Great!

[youknowmewell]

Don't worry, nobody will be seeing it for the next day or so; it was posted on /.!

Re:Great!

[kawika]

Sure, but Microsoft is certain to see it tomorrow when it's posted as a dup!

Re:Great!

[PakProtector]

Yes, you can, but you're missing the point. It's not hipocrisy, though only small, petty minds are troubled by such a thing as that.

The point is, this is a 'main-stream' news site, and gets a lot of traffic. The best way for a company to find out about an exploit they need to fix is for it to get lots of 'high-level' coverage.

That's why when you find an exploit you can use for something, you generally try to 'keep it on the low.'

Got it? Most of us could probably have found this just as easily if it ha

Re:Great!

[silicon not in the v]

Got it? Most of us could probably have found this just as easily if it had not been posted on /., but now it is, so it's that much easier to find, which means it will be brought to MS's attention that much more quickly, which means they will have a fix for this work around that much sooner.

Ha ha! When I read that I thought, "Oh, you mean like we've been openly, publicly blasting them for all of their programming vulnerabilities and horrible security model, and the incredibly stupid practices of putting ease-of-use over stability or security? Yeah, that has resulted in them jumping right on it and issuing fixes for those things. NOT!"

Re:Great!

[Marxist Hacker 42]

Microsoft's new license verification *scheme* isn't a security risk and if anything they are going to *welcome* these reports so that they can quickly close open holes that may allow "malicious" folks out there to continue to receive software updates.

I consider *anything* identifying me or where I bought something to a major corporation to be a security risk. Corporations cannot be trusted to act benignly towards consumers; the profit motive is against it.

Javascript??

[WebHostingGuy]

Are they serious about security, privacy and piracy yet?

Re:Javascript??

[interiot]

I guess people could come up with conspiracy theories for this... that Microsoft WANTED people to crack it as fast as possible so they could whine about it to senators or something.

Does anybody know if Herr Gates is scheduled to meet any important people soon?

Not for long

[zoomba]

That one will be fixed pronto in a "critical" security fix.

Unbelievable.

[455]

That really is amazing. Proof of why I don't use the MS Validation Control when we develop in VS.NET - Just turn it off!

Re:Unbelievable.

[kmmatthews]

Dude, wtf are you smoking? The MS Validation Control and this Genuine Advantage crap are TWO COMPLETELY SEPERATE AND UNRELATED THINGS.

Re:Unbelievable.

[enkafan]

Personally, I wouldn't use the built in validation controls because they don't output DOM compliant javascript. You can download a set of DOM compliant validation controls here: http://www.okane.com.au/matt/PermaLink,guid,c0797a e3-d041-49bb-bd15-0ae551151271.aspx [okane.com.au]

But if you are using ANY validation control in ASP.NET, you sure as hell better be calling Page.IsValid on the server side instead of relying on the javascript functionality. well, I guess this assumes you knew that the validation controls can be ran from the server side...

Get the hack here!

[Anonymous Coward]

Download the hack here,

http://www.linux.org/ [linux.org]

That's a story?

[alvinrod]

That has to be the shortest article I've read! Roughly 45 words in it. Article summaries have been longer.

Oh well, sucks to be Microsoft. Now they've had their anti-theft security cracked again. Everyone's got to be laughing at them.

The pirates be losin' their cuttin' edge, arr.

[supersocialist]

I mean, seriously, I expected a crack out much sooner. What's it been, six hours?

Shocking stas gathered by program

[FerretFrottage]

...after users attempted to update, MS found out that there is actually only 1 registered copy of Windows XP.

Re:Shocking stas gathered by program

[interiot]

Further research revealed that while some people had actually paid for XP, they found repeated product activation to be such a painful experience, that it was easier to just download the ilicit version and be done with it.

Re:Shocking stas gathered by program

[savagedome]

Only one? So, assuming Bill has the only original, that means Stevie B is pirating it. Damn. I always knew there was something fishy behind the Monkey Boy charm.

as always

[cryptoz]

MS continues to do its absolute best (or does it?) to prevent their products from being hacked to bits (no pun intended), and they have no choice. As part of their business, it's mandatory that they attempt to curtail software piracy. But they know, and we know, that it can't be done. It's like the terrorists (now, seriously guys, I'm NOT making a link between hackers and terrorists, I'm above that). But look at it this way. The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through. That is, Microsoft will have to figure out every possible way that their products can be cracked and provide protection, but the hackers must only find one single weakness. So to speak.

I'm Speechless

[MightyMartian]

MS continues to do its absolute best (or does it?) to prevent their products from being hacked to bits (no pun intended)

This is their absolute best?

Weapons and Armor

[Ungrounded Lightning]

The US government has to protect against all possible terror threats, whereas the terrorists only have to find one single way to break through.

Which is much of WHY, in a race between weapons and armor, weapons always eventually win.

Can't really be suprised

[Sv-Manowar]

A product with the market penetration as big as Windows is always going to be cracked, as soon as possible after it comes out. No matter what they do to try and prevent it, which is why some companies don't spend that much on anti-piracy for the product on release now, something microsoft can't do... so they have to try their best.

That answers that..

[jav1231]

I guess they've answered "Can Open Source and Commercial Software Coexist?" with a YES, and added a HOW!

"Flamebait"??? Why? That was funny!

[mark-t]

One of the mods today is on crack, methinks.

Javascript??

[jurt1235]

Does it have to be compatible with anything else than IE? Just make it in activeX! It will make it harder to crack: Using IE will get your computer deadly infected with spyware and virusses, so you can not hack the genuine advantage program yourself, ergo the genuine advantage program is safe and secure.

Actually MS sites work pretty well with firefox (I do not know if it looks or works different in IE since they do not make a version for linux (they made one for SUN, hum, maybe give that a try....))

Re:Javascript??

[techno-vampire]

Windows Update doesn't work with Firefox in general because it disables ActiveX by default.

Article Text

[Anonymous Coward]

Thursday, July 28, 2005

Microsoft "Genuine Advantage" cracked in 24h:

"This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

java script:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

Re:Article Text

[MightyMartian]

I love these sorts of vulnerabilities. Maybe we should look for "GiveMeRootPriveleges=NO" and "SendMeTenMillionDollarsInUnmarkedBills=NO". Maybe there's a "FormatEveryHardDriveInRedmondAndInstallRedhat=NO" .

More then one way

[KasKyt]

This bypass also works http://home19.inet.tele.dk/jys05000/ [inet.tele.dk] I tested it earlier today, good job MS :D

piracy leads to marketshare?

[ackdesha]

This seems like such a amatuer web developer move that I'm led to think maybe they left it easy to bypass on purpose. Come on, if Microsoft eliminated all piracy of windows, people might actually try something else.

Cracked in 24 hours, /.ed in 40 posts, GRRR.

[The Ancients]

...and if the above posts are correct, it's about 45 words!

MS will just use another technique then.

[mark-t]

Probably one that will be labelled a critical update and won't require any checks to download once MS has it ready.

And wanna bet that MS is gonna obfuscate the issue ever so slightly in the update description to make it appear to a person that doesn't read it very carefully that the update in question actually fixes an issue far more critical to the user than it really is, when in actuality it's only really critical to Microsoft?

Since BoingBoing is getting hammered...

[randomErr]

Since BoingBoing is getting hammered here's the text of the article:

Thursday, July 28, 2005
Microsoft "Genuine Advantage" cracked in 24h:

window.g_sDisableWGACheck='all'

AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

Link [theinquirer.net] (Thanks, AV!)

MS Released this for legt users

[ken-reno]

This is deigned for people who think they have a legit copy. It will help with that. I bet a lot of white box shops who install cracked versions of windows are a little nerviousr right now.

Re:

[account_deleted]

Comment removed based on user account deletion

Can Also Just Find a Direct Link

[stevemm81]

You can also just find a direct link to what you want to download. For instance, go to
http://download.microsoft.com/download/8/1/5/815d2 d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywa reInstall.exe [microsoft.com]
to get the anti-spyware program.

Different Way to Crack It...

[00Monkey]

I found that if you go to Tools->Manage Add-ons (Req. XP SP 2 of course), then select to show "Add-ons that have been used by Internet Explorer" and finally set Windows Genuine Advantage to "Disable" and then Restart Internet Explorer, it lets you do Windows Update just fine.

Product Activation wouldn't be bad if...

[ShatteredDream]

they would actually treat their customers like their legitimate users unless they give them reason to believe otherwise. Here would be a good idea for Microsoft: allow unlimited product activations if you buy a site license for your house and send them a registration notice in the mail. Then product activation is against others who might steal your serial number.

I have enough PCs that I'd pay $300 for a "home site license." Microsoft could create such a thing without any hassle because for many households, it'd be worth it. All they'd have to do is make you send a copy of your driver's license or something in the mail and then if someone tries using your serial number that doesn't share the data on your driver's license, they go after them for infringement. That way, product activation doesn't harass law-abiding users.

I'd love to use Longhorn because it looks like a good release, but damned if I'm going to buy it and get 2 "harassment-free" installs. If I buy it, you can bet that I'll only buy it after I've either gotten a cracked CD or found a site license serial that actually works like the ones that XP uses. Every windows license I have is valid, though I use cracked CDs just to get around the PA. Seesh, why am I forced to behave like a common criminal? I can't wait to be able to switch back to OS X at this rate...

Re:Product Activation wouldn't be bad if...

[mkarpinski]

Apple does something like this with OS X.

For $199 (A single user license is $129), you can get a 5 license copy of OS X - They call it the Family Pack.

No activation required!

People just dont get it.

[Kenja]

The idea behind this check was to catch retail outlets selling pirate copies of Windows to customers. The only reason I can think of that you would be against this is if you where selling such merchandise.

As for the rest of you, if you think Windows is so bad, why pirate it?

From the "rejected key" page

[Komarosu]

To quote from Microsoft's own rejected key page:

Did you know that Windows XP can keep your computer up-to-date automatically with the latest updates and enhancements? You can set Windows to recognize when you are online, search for downloads from the Windows Update Web site, and deliver them directly to your desktop. Genuine Windows validation is not required to use the Automatic Updates feature.

So... whats the point?

Re:From the "rejected key" page

[kalislashdot]

I think Automatic Updates ONLY do Critial Updates. Which excludes updates to programs or new features.

Which is fine by me. Patch the security wholes without bugging me, just my style.

My tin foil hat on: was this really a crack?

[br00tus]

One thing I have noticed with a lot of atrocious stuff is something like this: a program comes out that installs spyware, sends all of your information to who knows where, changes all your automatic launches to this product, starts up the program with each reboot and so forth. However - these programs have in the fine print stuff that says "if you use a hex editor to modify this INI file, all of that bad stuff will be disabled". The techs who know what they're doing will do this, and stop complaining about it. The 99% of other clueless users will be stuck with this the garbage.

Which leads me to put my tin foil hat on and say: was this really a hack? Or is Microsoft happy to have this effect 99% of people on earth, and allow the 1% of techies who are unhappy about this either for privacy reasons, or because they have have a "pirate" edition of Windows, to get around it and stop complaining? I don't really see this as getting one over on Microsoft, smart authoritarian hierarchies often leave little safety valves for discontent like this around, allowing a few people to get away with breaking the rules, instead of them going about trying to change or get rid of the rules.

If you bought a computer with...

[olympus_coder]

IANAL

Windows XP from a legitimet source (say Toshiba, as I've seen that mentioned in a couple of posts) and you fail to authenticate, call their support. If they don't solve the problem double quick, write your eterny general. They lied when they sold you the laptop. THEY need to fix it (not you).

If this is a common problem, a class action suit will be created and the manufacurer will have to answer for it. If the manufacturer feels it was actually MS that caused the problem, then they will file suit against them.

All this is academic. I use linux...

Just disable the tool

[Jabroney]

You can disable the tool from within IE. Just go Tools > Addons > Disable Windows Geniuine Advantage

I cracked it nearly 6 months ago ;)

[Anonymous Coward]

"Cracked in 24 hours"? I 'cracked' it so long ago (Proof [no-ip.com]) I'm surprised that this is even news. And you don't even need javascript enabled - all you need is "WinGenCookie=validation=0;" in your cookie. So just paste this into your location on any microsoft.com page: javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT'; void 0

I mean, it was just so easy and obvious; I can't believe everyone else hadn't already found out about the easy ways to bypass it long ago.

Possible explanation

[Mostly a lurker]

Some people get very upset when personally identifiable data is sent to servers. Does Microsoft ever send the Windows serial number across the network today? I am guessing that they chose to do this client-side (knowing it would get bypassed) because they did not want to deal with the backlash from passing the data to the server.

Just links back to article in summary

[WebHostingGuy]

This link just goes back to the one in the article, you can skip it.

Re:WTF

[Big Boss]

I have adblock on and it worked fine. Update your rules. No different than spam filtering really. General rules like "ad" are going to get false positives. Of course, I only use adblock on the really annoying ones. Simple banners and such I usually leave alone.

Re:WTF

[TheViciousOverWind]

Erh... Think just a tiny bit before you post inane babble like that - The article was called "Microsoft Genuine Advantage[...]" and in the url it says "microsoft_genuine_ad". - See the resemblance? It's just an autogenerated filename their CMS came up with probably.

And now for something completely different (a comment about the article): I'm pretty sure the one who programmed this check knew that it wasn't bulletproof, and maybe it's just a case of a "proof of concept" project which suddenly becomes a "Gone live" project. - It will be pretty easy for them to fix, but it really is a huge embarassment for them, and you would think that a company with that kind of resources had rules to cover things like that (as in Rule #302742314 "Clientside checking is only okay if followed by a Serverside check").

Re:WTF

[BaudKarma]

Asking people to think before they post has the potential to spoil a lot of my entertainment.

Re:YES...

[MightyMartian]

my bootleg vmware running bootleg Windows XP setup is back in action!

And you'll see plenty of action in prison, my friend.

Re:only for the geeks

[fireboy1919]

Yes...because the highly technical operation "pasting into the addressbar" is far, far beyond the level of knowledge of the average user*. The bigger problem is that the average Windows user can't even read or click buttons, and will, when frustrated, end up throwing their own feces at the screen.

*This is based on the assumption that the average Windows user is, in fact, a chimpanzee.

Re:only for the geeks

[mark-t]

I bought my copy too... an OEM version of Windows XP Home edition that came bundled with my Toshiba laptop. The certificate of authenticity label is attached to my laptop, and I have all the original manuals and CD's.

But for some inexplicable reason, Microsoft is unable to authenticate my info. Which leaves me with no alternative but to use the crack if I want to continue to use XP on that system.

Re:Way to go M$

[pla]

I cant wait to see how secure the XBox360 will be

Fairly.

Don't mistake MS's "see, we tried" pretend attempts at security, and their "this hurts our bottom line" real security.

The original XBox still has no generally applicable software-only crack for it, after several years in the field. Real security.

This new "please don't pirate Windows" joke lasted 24 hours. Why? Microsoft WANTS people to pirate Windows. Very, very few private individuals would pay $300 for an OS plus $300 for an office app suite. However, if "everyone" uses it already, then the sort of customers who do buy, such as businesses and governments, will far more likely go with Microsoft.

Call me paranoid if you want, but NO modern attempt at secure authentication has any excuse for not using server-side verified, AES-encrypted communication. A pathetic little unverified Javascript toy? Gimme a break.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Windows Vista will be even harder to crack

[hacker]

javascript:void(window.g_sEnableAltOS='Linus')

When did Linus turn into an OS?