I love having a blog, it means I can rant, and I sure do like ranting. Like earlier in the week I was upset that the media made a huge deal out of a Russian site selling a Vista exploit. These reports made it seem like a much worse problem that it was and few reporters actually mentioned that is was a LOCAL bug and an attacker needs valid credentials to login to the machine to carry out the attack. I suppose headlines like “Russian site selling lame bug that affects almost nobody” would not have been as eye grabbing.
This trend of dumping on Vista has continued but this time its cracks. If you are not familiar with the term there are ways to circumvent legitimate licensing and copyright protection schemes and download and run copies of Microsoft’s latest shiny toy with out *GASP* paying for it. Maybe this story is getting play because outside of the hacker community not many people have heard of “warez” and it’s finally going mainstream, maybe its getting play because it’s a slow news week; I can’t decide which.
Let me disclose something: all the cracks that have been discussed in the media recently I made efforts to go and find. I now have a very extensive collection of Windows Vista cracks. You might be asking yourself why I would do that, why not just buy a copy of ask MS to give me one. Its simple, I am waiting for the first cracks to appear that are massively infected with virii or spyware. I have seen some, but I am more waiting for something that is massively blatant like after 90 days of operation you are prompted for a credit card number or the OS will delete itself and take all of your work/photos/music with it. Surely these free spirited pirates wouldn’t do such a thing you might say…honor among thieves and stuff like that.
I ask you, what’s the best way to build a botnet now that a botnet master can’t count on massive windows remote 0day every three months that can be used in a recruitment drive. Its simple you build yourself a good reliable network of people who can’t patch (security patches require a legit copy of Windows) and you know will take your bait (free copies of Vista!!). It makes for a great plan; you can even add new functionality to your trojaned OS by releasing “cracked” patches. I am going to call this the “addict pirate” because once you get a sap hooked on this he or she has to keep coming to you for his fix or *GASP AGAIN* pony up for a legit copy.
Enough ranting about “addict pirates” and back to the poor reporting and business aspects of these “cracks”. These types of cracks have been around for years and no matter what people say this will not affect the sale of the OS. What makes me the most irate is how the reporting on the Vista cracks make it seem like this is the first time an OS has been pirated. Right now on file sharing networks you can find copies of Windows XP, 2000, ME, 98, and 95. There are even copies of Windows 3.1 floating around! And I don’t mean 3.11 for Workgroups, I am talking about the OLD SCHOOL stuff.
If you take one thing away from this blog post make sure it’s this thought: this is not a new or shiny problem, as long as there has been software there have been people stealing it. Nothing to see here, move along.