The Update catalog routine has been set to capture pirated MS versions so
you must log on and validate your PC condition using PID/GUID and encrypted
data that is sent back via telemetry means to MS servers for validation.
Doesn't sound unreasonable, does it.
BUT, wait until the source code for Software License Protection Services is
released by Microsoft (it was due for release in Oct 07) to ISVs to allow
them to activate and update software, similar to WGA/OGA, gather statistics
and "turn on and off features" on your PC without your consent!
Forget about saying you control the system, the recent Microsoft Stealth
Updates saga (9 executable files installed without your consent - even at
sites where Updates was turned OFF!) has disproved that theory! (and now at
some sites XP cannot be restored without tweaking the registry due to one of
these files installed.)
The real issue of course is the source code could deliver the payload
mechanisms for the less savoury (hackers and crackers) to have a back door
entry to your systems and it could be embedded within the code and you won't
know.
This could border on the issue of potential subversive activity should a
malicious software vendor attempt to use the turn on/turn off features
outlined here.
To get the context right, read this article 1st,
http://www.microsoft.com/presspass/f...pservices.mspx
and
http://www.softwarepotential.com/ Within the SLP services offering by
Microsoft are silent/stealth features that can stay silent and be turned on
and turned off by the ISV to monitor activity, gather statistics, or disable
or introduce functionality.
then read this article
http://www.technologynewsdaily.com/node/8123
Allowing these silent features to be widely used, is no different to what
Media Monitor did, the features are there, ready for some dumb ISV or a
hacker/cracker to cotton onto and manipulate. This fly's in the face of IT
security principles and management of IT assets.
In essence with the source code hooks in there, there is no control left to
an entity and the software can be used for subversive activities.
and then finally put it all into perspective with
http://www.pcprofile.com/Microsoft_Stealth_Updates.pdf that outlines the
risks that are coming as a result of Microsoft's approach to piracy
solutions.
Microsoft needs to rethink this approach and make sure that a lot more
security is afforded to systems than to allow this approach in the name of
":marketing" (statistical gathering) and sharing activation mechanisms
(allowing turn on turn off features) to stop piracy!
If you want every other software vendor to follow suit then accept the
status quo, otherwise speak up and voice an opinion.
This sort of activity (source code with hidden features) is in total breach
of IT security and data protection principles.
Rob Harmer
PCProfile
Adelaide
South Australia
___________________________________________
Linear Mode
