My Vista product key can be easily dumped out?

Hello,

Today I tried SiSoftware Sandra under my Vista. I find it can dump my
product key out without any UAC warnings. Is it by design? Isn't it a
security hole? I'm really embarrassed...

Thanks!
zxli

Whats the security issue? It is stored in the registry like most other
settings.

"zxli" <imzxli@hotmail.com> wrote in message
news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
> Hello,
>
> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
> product key out without any UAC warnings. Is it by design? Isn't it a
> security hole? I'm really embarrassed...
>
> Thanks!
> zxli

I'm agree with Todd Husdon. This is not an security issue and doesn't have
anything to do with UAC.

--
Regards
Christoffer Andersson
Executive Consultant - TrueSec
Microsoft MVP - Directory Services

----------------------------------------------------------------
http://www.chrisse.se - Active Directory Resources

"Todd Hudson" <tatung70@hotmail.com> wrote in message
news05D280F-6671-4183-A3C2-76896BFCA052@microsoft.com...
> Whats the security issue? It is stored in the registry like most other
> settings.
>
> "zxli" <imzxli@hotmail.com> wrote in message
> news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
>> Hello,
>>
>> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
>> product key out without any UAC warnings. Is it by design? Isn't it a
>> security hole? I'm really embarrassed...
>>
>> Thanks!
>> zxli
>

Uac only prompts when writing to certain areas of the registry. Reading does
not cause a uac prompt.

--
Kerry Brow
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"zxli" <imzxli@hotmail.com> wrote in message
news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
> Hello,
>
> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
> product key out without any UAC warnings. Is it by design? Isn't it a
> security hole? I'm really embarrassed...
>
> Thanks!
> zxli

MS always tells us to keep the product key in a physically safe place. But
how to protect my product key(in clear text?) in the registry that everybody
including hackers know where it is? I can hide the physically printed
product key somewhere in my home or some other place. Even someone breaks
into my home, he will spend a lot of time to find where it is. But what if
someone intrude into my computer? He knows, the product key is right
there...

BTW, how many computers can be activated by one product key?

"Todd Hudson" <tatung70@hotmail.com> wrote in message
news05D280F-6671-4183-A3C2-76896BFCA052@microsoft.com...
> Whats the security issue? It is stored in the registry like most other
> settings.
>
> "zxli" <imzxli@hotmail.com> wrote in message
> news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
>> Hello,
>>
>> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
>> product key out without any UAC warnings. Is it by design? Isn't it a
>> security hole? I'm really embarrassed...
>>
>> Thanks!
>> zxli
>

"Zhenxin Li" <imzxli@hotmail.com> wrote in message
news:eSDSucGMHHA.4376@TK2MSFTNGP04.phx.gbl...
> MS always tells us to keep the product key in a physically safe place. But
> how to protect my product key(in clear text?) in the registry that
> everybody including hackers know where it is? I can hide the physically
> printed product key somewhere in my home or some other place. Even someone
> breaks into my home, he will spend a lot of time to find where it is. But
> what if someone intrude into my computer? He knows, the product key is
> right there...
>
> BTW, how many computers can be activated by one product key?


You need to keep it in a physically safe place so that you can access it
when the computer won't boot. That's why OEM machines put it right on the
box.

One key - one computer.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Answer in newsgroup. Don't send mail.

I do know there are some special keys which can activate multiple machines.
It is a threat for those keys if the keys can be dumped out so easily.

If I get it correctly(I forget where I heard this), for XP keys, one key can
be used to activate another machine after some months when the first machine
was activated. Is that right?

"Frank Saunders, MS-MVP OE/WM" <franksaunders@mvps.org> wrote in message
news:7F5EF18E-BEAC-4662-98D2-584F44D1B769@microsoft.com...
> "Zhenxin Li" <imzxli@hotmail.com> wrote in message
> news:eSDSucGMHHA.4376@TK2MSFTNGP04.phx.gbl...
>> MS always tells us to keep the product key in a physically safe place.
>> But how to protect my product key(in clear text?) in the registry that
>> everybody including hackers know where it is? I can hide the physically
>> printed product key somewhere in my home or some other place. Even
>> someone breaks into my home, he will spend a lot of time to find where it
>> is. But what if someone intrude into my computer? He knows, the product
>> key is right there...
>>
>> BTW, how many computers can be activated by one product key?
>
>
> You need to keep it in a physically safe place so that you can access it
> when the computer won't boot. That's why OEM machines put it right on the
> box.
>
> One key - one computer.
>
> --
> Frank Saunders, MS-MVP OE/WM
> http://www.fjsmjs.com
> Answer in newsgroup. Don't send mail.
>
>

Do not look for a software solution where there is none.
You need to control physical access to your computer.
See Law 3:
http://www.microsoft.com/technet/arc....mspx?mfr=true

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"Zhenxin Li" <imzxli@hotmail.com> wrote in message
news:eSDSucGMHHA.4376@TK2MSFTNGP04.phx.gbl...
> MS always tells us to keep the product key in a physically safe place. But
> how to protect my product key(in clear text?) in the registry that
> everybody including hackers know where it is? I can hide the physically
> printed product key somewhere in my home or some other place. Even someone
> breaks into my home, he will spend a lot of time to find where it is. But
> what if someone intrude into my computer? He knows, the product key is
> right there...
>
> BTW, how many computers can be activated by one product key?
>
> "Todd Hudson" <tatung70@hotmail.com> wrote in message
> news05D280F-6671-4183-A3C2-76896BFCA052@microsoft.com...
>> Whats the security issue? It is stored in the registry like most other
>> settings.
>>
>> "zxli" <imzxli@hotmail.com> wrote in message
>> news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
>>> Hello,
>>>
>>> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
>>> product key out without any UAC warnings. Is it by design? Isn't it a
>>> security hole? I'm really embarrassed...
>>>
>>> Thanks!
>>> zxli
>>
>
>

Where did you find the product key in the registry stored as clear text???
:-)

"Zhenxin Li" <imzxli@hotmail.com> wrote in message
news:eSDSucGMHHA.4376@TK2MSFTNGP04.phx.gbl...
> MS always tells us to keep the product key in a physically safe place. But
> how to protect my product key(in clear text?) in the registry that
> everybody including hackers know where it is? I can hide the physically
> printed product key somewhere in my home or some other place. Even someone
> breaks into my home, he will spend a lot of time to find where it is. But
> what if someone intrude into my computer? He knows, the product key is
> right there...
>
> BTW, how many computers can be activated by one product key?
>
> "Todd Hudson" <tatung70@hotmail.com> wrote in message
> news05D280F-6671-4183-A3C2-76896BFCA052@microsoft.com...
>> Whats the security issue? It is stored in the registry like most other
>> settings.
>>
>> "zxli" <imzxli@hotmail.com> wrote in message
>> news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
>>> Hello,
>>>
>>> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
>>> product key out without any UAC warnings. Is it by design? Isn't it a
>>> security hole? I'm really embarrassed...
>>>
>>> Thanks!
>>> zxli
>>
>
>

Maybe it's not in clear text. But it can be dumped to clear text easily...

"John E. Carty" <jecarty@nospam.hotmail.com> wrote in message
news:OtH6oYHMHHA.4992@TK2MSFTNGP04.phx.gbl...
> Where did you find the product key in the registry stored as clear text???
> :-)
>
> "Zhenxin Li" <imzxli@hotmail.com> wrote in message
> news:eSDSucGMHHA.4376@TK2MSFTNGP04.phx.gbl...
>> MS always tells us to keep the product key in a physically safe place.
>> But how to protect my product key(in clear text?) in the registry that
>> everybody including hackers know where it is? I can hide the physically
>> printed product key somewhere in my home or some other place. Even
>> someone breaks into my home, he will spend a lot of time to find where it
>> is. But what if someone intrude into my computer? He knows, the product
>> key is right there...
>>
>> BTW, how many computers can be activated by one product key?
>>
>> "Todd Hudson" <tatung70@hotmail.com> wrote in message
>> news05D280F-6671-4183-A3C2-76896BFCA052@microsoft.com...
>>> Whats the security issue? It is stored in the registry like most other
>>> settings.
>>>
>>> "zxli" <imzxli@hotmail.com> wrote in message
>>> news:%23HYbnPAMHHA.780@TK2MSFTNGP03.phx.gbl...
>>>> Hello,
>>>>
>>>> Today I tried SiSoftware Sandra under my Vista. I find it can dump my
>>>> product key out without any UAC warnings. Is it by design? Isn't it a
>>>> security hole? I'm really embarrassed...
>>>>
>>>> Thanks!
>>>> zxli
>>>
>>
>>
>
>