[aldo_14]

http://www.boingboing.net/2005/07/28/microsoft_genuine_ad.html

[q]Microsoft "Genuine Advantage" cracked in 24h: window.g_sDisableWGACheck='all'

AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours."

    Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

   

Code: [Select]

javascript:void(window.g_sDisableWGACheck='all')

    It turns off the trigger for the key check. [/q]

[Taristin]

*ctrl-c*

*opens notepad*

*ctrl-v*

[Admiral LSD]

It only disables the key check on Windows Update, MS are building the validation checks into their software as well. The IE7 Beta for example will only install on a system that has a validated genuine copy of XP (and presumably 2k) installed. They've tied it to CD keys again though by the look of it so it's only a matter of time before someone figures out a way to generate keys that fall within the range whitelisted by MS.

[Fineus]

Couldn't someone crack the programs so that instead of checking the CD key against a list of Microsoft programs, it checks against a list supplied along with the crack... which would obviously work.

[Taristin]

ooor... MS can go **** themselves, and I'll stick to my liberated copies from now, and use Firefox.

[Admiral LSD]

...except Firefox sucks even worse than IE

[Taristin]

You've already proven several times in the past that your opinion is to be taken even less seriously than Zarax's so... whatever you say.

[Deepblue]

I'm actually almost inclined to agree. I've never had IE crash on me (what a feat!) and yet Firefox is iritable and likes to crash when I'm trying to do important stuff (really!).

[aldo_14]

I've (literally) never had IE work on this computer.  I believe opening a new window from a link was one of the things that crashed it.

The point being, what sort of person is stupid enough to put a security check which has a manually accessible switch-off - and worse still, one that's easy to guess!

[karajorma]

Well to be fair it did stop people with illegal copies.

For about 5 minutes they were too busy laughing to download anything

[Admiral LSD]

The thing is though that this doesn't disable WGA completely, it merely disables a single check on something MS weren't overly concerned about protecting in the first place. MS have stated that they never intended to block access to security updates, even if your machine fails the validation check you'll still be able to use WU/MU to download security patches and in addition, the "Automatic Updates" feature in Windows will still prompt you with them as well. My guess is that what's happening with the IE7 beta will eventually grow to encompass most, if not all, of the MS product line.

[karajorma]

Crappy security is worse than no security at all. All this does is take up some bandwidth on MS's servers and make it take longer for people to download the files they need.

If MS didn't care about the security of this download they should have done absolutely nothing instead of a half-arsed measure.

[Admiral LSD]

In concept, it's not as half-assed as it looks but as always, MS totally **** up the implementation.

From what I can gather, you're only really hassled if your CD key is invalid. If you're legit then it's pretty much business as usual. The way it checks the validity of your key is also particularly interesting. MS are finally checking peoples keys against a list of ones they know they have issued - something they should been doing from day one instead of forcing this activation crap down peoples throats.

MS would lock down security updates too if they could but they realise that if they did, there'd be countless machines out there all capable of acting as vectors for all manner of nasties simply because they were denied access to the proper patches. This is the real flaw in the system. By making exempt the only thing they provide that people really care about they're reducing the effectiveness of the system to almost nil. People will carry out without IE, WMP et al but critical security patches are a different matter entirely.

However, the effectiveness, or lack thereof, of the system is irrelevent. The real issue here is that MS, like the RI/MP AA, keep persisting with trying to force people into line without even trying to work out why they're falling out of line in the first place and rectifying it. I'm sure MS would find their piracy rates would take a nosedive if they didn't insist on charging such obscene amounts for their stuff. They realise this to an extent, one look at the differential between Retail and OEM/Academic pricing is enough proof of that, but won't reduce the price across the board because they're out to make a quick buck.

[General Freak]

No need to copy and paste anymore.

[Fineus]

Oh now that's just funny.

[Admiral LSD]

It's not that funny since that too only disables the check on the WU web site, it does nothing against the validation checks that are going to be built into the next generation of MS software. There are ways around those too but not as simple. I'm beginning to think MS engineered this on purpose. Spread enough disinformation around so it has the pirates going off on a wild goose chase and thus aren't focussing on the real part of the system

[karajorma]

If they did it's as idiotic as the website. It will delay pirates for all of 2-3 minutes max.