Confessions of a Windows 7 Pirate

Ed Bott cites the Pete Townshend defense in this journalistic walk on the Dark Side of the Net.

I've been digging into message boards and forums run by unabashed Windows enthusiasts who are intent on breaking Microsoft’s activation technology. I've had these forums bookmarked for years and stop in every once in a while just to see what’s new. This time I decided to drop by and actually try some of the tools and utilities to see if I could become a pirate, too.

Unfortunately, I succeeded.

In this post, I’ll share my experiences, including close encounters with some very nasty malware and some analysis on how the latest showdown between Microsoft and the pirates is likely to play out.

It's unclear what the point of all this is, beyond of course proving that Microsoft's attempts at anti-piracy are simply the technological version of a hamster wheel. But we kind of knew that, didn't we? I am intrigued by how ineffectual the recent Windows Activation Technologies Update for Windows 7 is already so ineffectual. But this seems like the opposite of the Jerry Pournelle mantra, "I make these mistakes so you don't have to." Why bother documenting how to break the law?

Discuss this Article 50

planetarian
on Mar 3, 2010
"Unfortunately"? I don't get it? What, exactly, was he expecting? Pirates will always be one step ahead. Thwart them and they'll just find a new way to pirate your stuff.
rr0de74@live.com
on Mar 3, 2010
I agree, WHY publish that stuff? I don't follow this world all that much, but it was my understanding that since Vista and its need to check in, using a pirated copy of Vista and now 7 means you are always behind the latest updates. Meaning most of the hacks I heard of stop/fake the phone home stuff. However you can't install the latest OS updates or it may break your hack? Sort of like the Hackintosh world, 1 update from Apple can break your hack. OT @Wae http://h10010.www1.hp.com/wwpc/sg/en/sm/WF06c/A1-329290-64293-337097-337... Hmm would that be a Xeon 5580 option for a HP Proliant server? OMG!!!! Maybe someday you will be able to offer them in your whitebox servers and be like the Pro's? Maybe.
tayme
on Mar 3, 2010
Really - Why provide would be kiddie pirates with tools like this? Poor judgement. Grammar Police - "I am intrigued by how ineffectual the recent Windows Activation Technologies Update for Windows 7 is already so ineffectual. " HUH!!!!! :-) --tayme
Ocean
on Mar 3, 2010
"It's unclear what the point of all this is" Obviously, he hit a slow point in his reporting cycle.
rr0de74@live.com
on Mar 3, 2010
Paul are you going to cover this??? http://news.cnet.com/8301-27080_3-10462649-245.html?tag=newsEditorsPicks... "Microsoft exec: Infected PCs should be quarantined" That topic should get you some hits pretty fast. Imagine if Infected PC's were quarantined, Mac sales would soar overnight. It will never happen though.
gavers
on Mar 3, 2010
"It's unclear what the point of all this is" Hit fodder. Which is obvious since the short story is broken into four pages with 90% ads and 10% content, and since you linked to it.
de Silentio
on Mar 3, 2010
Calwell, I believe Paul's relation of Bott to Townshend was the fact that Townshend claimed he was doing nefarious things on the Internet for research, just as Bott did.
gavers
on Mar 3, 2010
@calwell: is it really that bad of a comparison? Bad people get compared to Hitler too. And think about the term "software pirate." Actual pirates hijack ships, kill people, and in times of war, famine and disaster, they deprive people of much needed supplies leading to countless more deaths. Software pirates really should be called bootleggers.
Waethorn
on Mar 3, 2010
"Hmm would that be a Xeon 5580 option for a HP Proliant server? OMG!!!!" Still a processor that's only validated for workstation use. Like I said, you can use a Core i7 in some 55x0 chipset motherboards, but running it in an unvalidated configuration is not something that anybody with any basic IT sense would even think of doing. You still didn't figure out why many motherboards don't take them, so I'll give you a brief lesson: W5500 CPU's run at 130W, and in a rackmount configuration (like HP Blades) 130W processors aren't often supported because of power requirements that aren't available, and heat dissipation issues. Of course, you totally don't understand that at all. "Maybe someday you will be able to offer them in your whitebox servers and be like the Pro's?" I only put server processors in server motherboards. Maybe someday, if and when you graduate from that correspondence IT course you're taking, you'll understand the reasoning behind that. ""Microsoft exec: Infected PCs should be quarantined" That topic should get you some hits pretty fast. Imagine if Infected PC's were quarantined, Mac sales would soar overnight. It will never happen though." Um, are you totally DAFT?! Of course infected machines should be quarantined - that is, until they're cleaned. You have no clue whatsoever. tayme, do you let infected PC's have regular access to a network, or do you quarantine them? (I know the answer already - just want to hear it from you) @losta: Better being known for beaver than grizzly bear. You'll be easily forgotten.
BrightrevCarl
on Mar 3, 2010
Wow. That's a *serious* jerk move to compare Ed Bott to someone busted for child porn. What is wrong with you? That's *really* unnecessary and inappropriate. Not publishing the article doesn't change the fact that the information is out there and people are using it to commit piracy. That's a journalist's JOB. To expose information so that the public knows about it. Why document how to break the law? From a guy who admittedly uses DVD ripping software to rip DVDs? What other topics should journalists ignore? When you don't make information like this public, then the only people who have and exploit it are criminals.
lotsamystuff
on Mar 3, 2010
"Why document how to break the law? From a guy who admittedly uses DVD ripping software to rip DVDs?" Whenever Paul writes an article like this, he first takes a good look at himself in the mirror. Pondering the question, "Why bother documenting how to break the law?", he realized he'd already done this in his previous examinations of using Windows OEM software for personal use. So when he looked in that famous mirror, he saw the reflection of his neighbor, "Pete Townsend", who regularly "borrows" extra copies of Windows that Paul has for "evaluation" and sells them to unsuspecting customers from the store he runs in his basement. Paul then incorporated Mr. Townsend into his article for balance. Paul's illegal ripping of DVDs never entered into the picture.
RunTimeError
on Mar 3, 2010
@ Tayme: "Grammar Police - "I am intrigued by how ineffectual the recent Windows Activation Technologies Update for Windows 7 is already so ineffectual. " HUH!!!!! :-)" Paul attended the Redundancy School of Redundancy ;)
tayme
on Mar 3, 2010
@Waethorn - As you said, any PC's infected with any type of malware are immediately blocked from accessing the network in our environment. Local support staff is dispatched to attempt to eliminate the malware or in most cases re-image the PC. Of course for the most part, in a secure environment not much malware gets through...but it has periodically happened. Question for Waethorn - why this sudden respect for my opinion? It wasn't that long ago that you were saying some of the same things to me about my IT skills. I still think that brand loyalists are simple minded. --tayme
gavers
on Mar 3, 2010
@calwell: I actually didn't know anything about Pete Townshend (fortunately I don't follow has-been rock stars and their infatuation with young children) until reading your first comment. I just now decided to check if "Pete Townshend Defense" is a term generally used to describe doing something illegal then claiming it was in the interest of journalism (it's not been until now.) I wasn't surprised that it's not a common term, but what did surprise me is that this Paul's article is the 9th result on Google for "Pete Townshend defense." I now agree with you that it was a pretty shitty comparison for Paul to make. Now when you search for information on this known child porn consumer's defense, Ed's name is going to come up, that's entirely unfair to Ed even if his article was in poor taste.
gavers
on Mar 3, 2010
Oops, Ed's article is the 9th result, not Paul's... which is even worse. No one will know how Ed was likened to Pete, only that he was.
gavers
on Mar 3, 2010
@lotsamystuff: ""Why document how to break the law? From a guy who admittedly uses DVD ripping software to rip DVDs?"" Ed could have made his point about how bypassing activation is easy, but with risks, without revealing how to do it. Someone can correct me if I'm wrong, but my understanding of the DMCA (and related laws) is that format shifting DVDs (ripping them) is legal, it's providing the tools that isn't. Also there's a difference between ripping a DVD that you purchased to watch on a plane and illegal copying of software. Just like there's a big difference between Ed Bott's report and Pete Townshend's activities.
Waethorn
on Mar 3, 2010
"why this sudden respect for my opinion? It wasn't that long ago that you were saying some of the same things to me about my IT skills." Because I know even you're smarter than rrode ;) , and you know already that he's just a shyster. When have you ever seen an enterprise (where the IT manager wasn't totally clueless) configure a glorified desktop computer as a full-on server? "Someone can correct me if I'm wrong, but my understanding of the DMCA (and related laws) is that format shifting DVDs (ripping them) is legal, it's providing the tools that isn't." Ripping DVD's isn't illegal. Ripping *protected* DVD's is. It's worded as "breaking, or otherwise circumventing the digital locks put in place to prevent unauthorized copying".
DRWAM
on Mar 3, 2010
Gavers, you are correct about the US law for ripping DVD's. At least Ed reported that much of the pirated stuff is filled with malware. Just reading that should deter ppl from trying it. That's just what MS reported as well. Heck, the rare Mac trojan was in a pirated copy of either iLife or Office for Mac. You gotta be crazy to use that crap [pirated software].
rr0de74@live.com
on Mar 3, 2010
"Like I said, you can use a Core i7 in some 55x0 chi" Yada...Yada...Yada. HP is the market leader in x86 servers. They have it, nuff said. Cisco offers it as well, per my sales rep. HP/Cisco vs McWhitebox...hmm who do I trust? However I will take that McNasty with cheese.
rr0de74@live.com
on Mar 3, 2010
@tayme/Wae if you read the link, the Microsoft Exec was focused on ISP's blocking home users from the internet, NOT corporate users. Corporate users should be totally locked down and only get to the parts of the internet the user absolutely needs, none if they don't have a business reason. They should only be able to use the apps they need, and not be able to change the OS they are using at all. Most users in a corporate environment don't even need a computer anymore. A thin device connected to a Terminal server or VDI not only is more secure but the average life of a thin device is 6-8 years, uses 1/10th power and a user can't do anything to them. The article is about joe user, gets some malware and his ISP blocks him from the internet. This coming from a Microsoft exec is funny really, because what type of computers would be blocked the most if this kind of thing were put in place?
tayme
on Mar 3, 2010
@rr0de74 - I don't disagree with the article or part of your response to it. Now, does that mean that if Joe User gets blocked, he is going to run out and buy a Mac? Doubtful...they are going to in most cases install some "fix" themselves that will cause more problems or call a friend with some experience or take the PC in to get cleaned up...or go to Best Buy and buy a new one - which happens quite often. --tayme
Ocean
on Mar 3, 2010
Lets lighten this topic up with a group laugh: http://www.bradcolbow.com/archive.php/?p=197
de Silentio
on Mar 3, 2010
rrode: "The article is about joe user, gets some malware and his ISP blocks him from the internet. " So, how is "joe" supposed to fix his computer if he can't download the necessary anti-malware, or do research on how to remove the virus? Bad idea. Clearly.
rr0de74@live.com
on Mar 3, 2010
@tayme/de Silentio. I am not siding either way, on the article. I just think it's shocking/news that some executive from MS is suggesting this since it would clearly impact Windows PC users more than anything. I don't think it will happen first off. Joe's of the world would get mad pretty quick. They would first dump their ISP provider and try to get one that would not do this. It would take some major cyber attack that ended up in deaths or many people before it would become a law. Although 60 min just this last Sunday had a piece on espionage and the FBI guy they had on there said that the US cyber security is weakest link in our security and that he would not be surprised if the US suffers a major cyber attack in near future. Most would get their PC fixed. Though if it does happen I will buy stock in both Apple and Bestbuy. All of the people I know that are "switchers" had "constant malware BS" high on their list of reasons to switch.
Waethorn
on Mar 3, 2010
"HP is the market leader in x86 servers. They have it, nuff said. Cisco offers it as well, per my sales rep." Just ask Intel if W series processors are validated for server use. They'll give you a resounding "NO!". They make the components. Of course, if you trust some OEM vendor over the component manufacturer themself to offer it up in a configuration that the component manufacturer has sad that it isn't designed for, then you're a bigger fool than I thought. That's also a big difference between OEM's that want to do their stuff their own way even against the recommendations of others, and channel builders that design systems to the component manufacturers specs. The W series processors are nice. They aren't server processors though, and they aren't validated by their manufacturer as server components, no matter what HP or Cisco says. If you don't trust me, fine. But if you're going to trust HP over Intel, when it's Intel's part, then you're just naive. "if you read the link, the Microsoft Exec was focused on ISP's blocking home users from the internet, NOT corporate users. " And I totally agree with that. An ISP has their own network endpoints to secure, and those endpoints are users' home machines. If you had any clue about security, you'd understand that worms and viruses spread over active network connections easily, whether it's among the same subnet in a home network, or to the ISP, or across the internet. Most viruses nowadays start off as trojan executables and communicate with some site to collect a single or multiple payloads. Preventing those payloads from being downloaded after a malicious script or trojan runs will save the user a huge amount of hassle from additional damage caused to their files or to the operating system, would prevent security issues with the ISP, and would warn users much earlier that maybe they're on a site they shouldn't be on in the first place. 
FYI: Many ISP's already block systems from internet access when they discover that they're infected. Bell Canada, Rogers, Videotron, and most other Canadian ISP's already have that in their usage policies and they often (but not always) contact the user to let them know that their computer is infected. At least, that's what users tell me when they bring their system in for a clean up. Usually it's due to some kid of theirs (and sometimes even adults) downloading pirated music or programs from LimeWire, FrostWire, or Bittorrent websites. In more recent incidents, it's been because of some Google-served ad on Facebook or some free gaming website that auto-refreshed their browser to a page that looks like Windows XP's Windows Explorer and said they were infected, and then subsequently asked them to install a [fake] antivirus program to clean it.
Waethorn
on Mar 3, 2010
"So, how is "joe" supposed to fix his computer if he can't download the necessary anti-malware, or do research on how to remove the virus?" They take it to a trained expert computer technician (like me....or my tech workers) at a well-respected and trusted computer service centre (like mine), where they can have it properly cleaned without risking the security of other computers.
Waethorn
on Mar 3, 2010
BTW: "I will take that McNasty with cheese" In the US, that's what you'll get in McDonalds. I won't argue that. Also, BTW: McDonalds Canada had low-fat and health-conscious menu items long before "Super Size Me", and I would bet that if Morgan Spurlock filmed in Canada, his argument wouldn't hold up ( http://en.wikipedia.org/wiki/Super_size_me#Alternative_experiments ) . They even did away with trans fat long before the US. They've been trans fat free long before most of the other fast food chains in both countries too.
whiplash55
on Mar 3, 2010
I thought Ed's article was an interesting read. I think, that's "the point".
rr0de74@live.com
on Mar 3, 2010
"Of course, if you trust some OEM vendor over the component manufacturer themself to offer it up in a configuration that the component manufacturer has sad that it isn't designed for, then you're a bigger fool than I thought." Its HP, not "some OEM". http://h20331.www2.hp.com/enterprise/w1/en/messaging/realstory-server-mk... If HP is going to support it I don't really care what Intel says. I think Intel makes great hardware, I used their motherboards exclusively when I build my own Desktop PC's. However I would trust HP over Intel when it comes to servers in a corporation. At any rate we are looking at the 5550 or 5560 to save money. You pay a steep premium to run the fastest clock speeds and most of the times the difference is only noticeable with a benchmark tool. I would be perfectly fine if my ISP blocked infected machines, it would not effect me. There would be lots of upset (unknowing) Windows users. In today's world it would be like turning off the power for some people if they lost their internet access.
DRWAM
on Mar 3, 2010
Wae, that's why the US ppl are 20 lbs heavier than the rest of the world, which leads to more disease and higher morbidity and mortality. It ain't bad US health care killing them, it's their lifestyle of over-eating, violence and drugs. But, on a lighter note, the critical software update of dotnet no longer appears on my XP box, thanks to your idea of using the network admin package, or whatever it's called [but it took a few tries over a few months before it would work]. Thanks, Doc PS, me and the kids just ate Happy Meals!
Waethorn
on Mar 3, 2010
"However I would trust HP over Intel when it comes to servers in a corporation." Ya, HP. The same HP that has probably the most crapware of any PC maker. The same company that had a recall of DV2000, DV6000, and DV9000 laptops for 2 separate problems (one problem for Intel systems that would overheat and burn out due to fan RPM issues with the BIOS, and one problem for AMD systems where the motherboard would short out the mini PCIe slot, making wireless unusable forever) and then changed the terms of the recall (TWICE!) within the term, and then silently killed it because it cost them too much to fix machines....even for the limited SKU list that was affected (and many SKU's were exempt from the recall even though they had the exact same symptoms!) Yup. THAT OEM. I wouldn't put much faith in their decision to self-validate something out of spec, sorry. That's just not an action that anybody that has any knowledge of the companies machines should condone. That's even worse that hardware makers that try to "self-validate" drivers instead of going through the WHQL (Creative, and all of you "business document imaging solution providers" like Panasonic and Fujitsu - not just a printer manufacturer -, I'm looking at you). FWIW: I don't mind HP's laser printers. They are still some of the best value in colour laser printers for your dollar. Their network scanners (and network all-in-ones) don't work worth a damn though. I'd rather recommend a small business to buy USB flatbed scanners with sheet feeders for each required desktop and just buy a network printer to share to avoid the software issues with their network scanners. @Doc: Did you hear about this new thing about PSA's now being harmful and NCI recategorizing them as inaccurate?
Waethorn
on Mar 3, 2010
@Doc: Gov't-regulated healthcare has a lot of bearing on what restaurants can serve. The costs of state-run healthcare can build up by doctors that deal with diseases and related health issues caused by poor diet choices. Restaurants aren't strictly regulated, but nationwide chains actually get certain proposals by gov't healthcare dept's to reduce unhealthy choices. They can receive certain accreditations and bonuses by Health Canada by doing so. You have a similar thing with the Surgeon General in the US, but Health Canada plays a much more active and direct role with the food industry, rather than just calling them out as "bad" and doing nothing about it. Now, you can say that it's taking away choices, or whatever, but there will always be stupid people that will eat anything and take advantage of the system. I'm sure that you've seen your fair share of people that will consume garbage and expect free healthcare when they have a heart attack and get brought into the ER....Reducing unhealthy choices in restaurants is a good way at reducing healthcare costs. If you're getting paid by the state, it's in the state's best interest to reduce the number of occurrences of diet-related health issues that come through your office. It's a lot like how Hydro is offering discounts and payouts to businesses that cut their power demand either during certain schedules or sometimes even on demand, depending on the current load.
DRWAM
on Mar 3, 2010
I agree with you 100% Wae. And I have had several young docs and friends that have been diagnosed with Prostate cancer. It certainly makes me wonder if their studies are being read correctly. And thanks for your help. Although the dotnet thingy did not really slow my computer, it bothered me a lot since it's the last one I built and sorta felt that I did something wrong. But she's FULLY up to date! [and I can stop trying to install it, again and again]
ByteFlipper
on Mar 3, 2010
"This coming from a Microsoft exec is funny really, because what type of computers would be blocked the most if this kind of thing were put in place?" What type of computers? The type run by the "smart" people that turn off auto updates, doesn't run basic anti-malware or use pirated versions of Windows. It certainly won't be a loss to the computer using population if those "smart" people are permanently blocked from accessing the internet. All they do is cause problems for others. Once they grow up, they will find out that enabling auto-updates and running free anti-virus like MSE will make their chances of becoming re-infected practically zero. I have been following those two basic steps (well one really, since auto-updates are on by default) and I can't remember the last time I've ever had my system infected. My guess is that the number of Windows systems that have auto-updates turned off or don't run basic anti-virus software probably outnumbers all OS X and Linux desktops combined. No wonder Windows seems to be more "vulnerable".
rr0de74@live.com
on Mar 3, 2010
In the last two years I have known Windows users that have both autoupdates on and valid AV software, that have gotten infected. The Antivirus 2008/2009/2010 is bad and it looks to Joe User like Windows is telling the user they need to clean the virus or whatever action it asks them to take, like Windows dialog box. Anti-virus software is almost useless in these cases.
ByteFlipper
on Mar 3, 2010
"The Antivirus 2008/2009/2010 is bad and it looks to Joe User like Windows is telling the user they need to clean the virus or whatever action it asks them to take, like Windows dialog box. Anti-virus software is almost useless in these cases." Anti-virus isn't useless in these cases. If it is good, it will catch whatever is poping up the dialog. It is an executable running on the OS, and AV software checks those - that's how it works. Even if the user is tricked into installing something, good AV will catch it. BTW, AV isn't necessarily there to cover up security holes in the OS. It is also there (and more frequently now) to guard against social engineering. There is no OS that can guard against that, period. An OS is designed to run arbitrary software. There is no way for the OS to examine software and know whether it is malicious or not. If the user OKs all security warnings, then the OS is obliged to run the software. At that point, the only defense left is AV software that would know whether the software is malicious or not by comparing it to a known database. Also, you will notice that the number of infected Windows systems are always quite low (around 1% or so). Those are all the "smart" people I mentioned earlier. If MS was allowed to ship MSE with Windows and have it turned on by default, that would eliminate the problem almost entirely. But in the interest of keeping AV vendors in business, we can't do something as evil as that. Whose interests are served here? The end-user or the AV companies that are parasites living off of conveniently unprotected computers? Personally I think AV software should be a core functionality of an OS.
de Silentio
on Mar 3, 2010
@Waethorn: "They take it to a trained expert computer technician (like me....or my tech workers) at a well-respected and trusted computer service centre (like mine)" So, rather than me giving my friend help over the phone (which I do often), I should send them to somebody who is going to charge them an arm and a leg. Generally, computer repair people are thieves (especially best buy), making upwards of $100's of dollars per hour where only a few minutes of actual work time are done on the computer. I do computer work on the side, and as a rule I don't charge people more than $20. If they want to pay me more, they can. If not, no sweat off my back, fixing computers really doesn't take that long.
Arfgo
on Mar 3, 2010
@rrode If your friends use an AV worth its salt and keep their systems patched, yet still manage to get infected, the problem goes beyond the computer itself. It's either bad faith, lack of education or simply being dense. And if it gets them to switch, it will only give them a false sense of security. They are still being idiots about their computing habit, only now with a false sense of invincibility.
Waethorn
on Mar 3, 2010
"In the last two years I have known Windows users that have both autoupdates on and valid AV software, that have gotten infected." I saw a system just a few days ago with MSE installed and up-to-date and they caught something called "Security Tools 2010" (another fake AV clone based on WinFixer, as they all are). They were on a Facebook page that redirected their browser to one of those websites that looks like XP's Explorer, just as I had mentioned. It was stored in the Documents and Settings\\Application Data folder as a 4MB EXE that loaded at startup and there were 2 copies. It would block Windows services and executables from running with a popup saying everything was infected (it wasn't, but it blocked them from loading). I rebooted the machine, ran Task Manager manually (taskmgr.exe) before the program got a chance to load and block me from hitting Ctrl-Alt-Del. I shut the malware down once it tried to load. I downloaded the updates to MSE manually on another computer and stuck the file on a USB key. I popped the USB key in the computer and loaded the definitions by launching the update EXE for them. MSE still didn't detect it. I removed the startup entry from the registry and rebooted the computer to make sure the startup entry wouldn't regenerate (fake AV stuff doesn't usually do that, while older viruses often do). It didn't. I went to the folder for the 2 EXE's and zipped them both. I moved the ZIP file to the desktop and then deleted the containing folder (force delete, not just move it to the Recycle Bin). I password-protected the ZIP file too. I then emptied the Recycle Bin, ran IE's file cleanup thingy to remove temp internet files, cookies, and histories (typed and saved) so that the user didn't click the link by mistake again. I then ran a complete scan to see if anything else bad was on the machine. There were no unusual startup items left, and no viruses were found. 
This system was recently reformatted anyway, but the guy just picked this up after visiting Facebook. I took a chance and reconnected it to an isolated internet connection that we use for customer machines in for service (separate from our business network). I uploaded the ZIP file sample to Microsoft's Security Response Team and used the password "infected" as they instruct. That was two days ago. Yesterday, they added detection to their virus definition updates and classified it as "Severe". It is now detected. The sample became part of the detection for this: https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx... So, FWIW, antivirus software didn't work in this case. However, I knew how to deal with the problem manually, and I had a hand in improving future detections of this malware so that I don't have to do it manually again for another computer. This leads me to my next point: "I do computer work on the side, and as a rule I don't charge people more than $20." ....which is fine - if you're doing it on the side, to help out. I've paid for years of education and certification, and have employees that have done the same. Have you? Do you do it to make a living? What is your occupation? Did you pay for several years of education just to make $20 a project in your job? Do you think the Doc here can justify paying probably 10's of thousands of dollars (maybe more) for his medical degree just to make minimum wage? Computer technical work is a skill. If you have a real education and experience to back a skill, your professional service is worth more than good intentions. That said.... "Generally, computer repair people are theives (especially best buy)" I won't argue that. Best Buy's Geek Squad doesn't even hire people with A+ certification, which only certifies someone with basic computer knowledge. Future Shop used to, but after being bought by Best Buy, they ended that requirement. 
That's not indicative of the computer industry as a whole though (just a very noticeable one, what with the number of stores and the presence of the brand). "making upwards of $100's of dollars per hour where only a few minutes of actual work time are done on the computer." 100's of dollars/hr means that the customer isn't shopping around. Average work in Toronto is about $55-75/hr for contract IT workers (which usually come from an IT firm, so the worker won't see all of that). Again, that depends on your skill level for the job. More [relevent] skills = more pay. That's just a fact of life. If the worker is proficient enough and skilled enough to get the job done quickly, that's also worth money. Expediency is also a skill, ESPECIALLY in IT, when downtime costs the customer money. Dishonesty is dishonesty though. For Best Buy to charge $200 for "system optimization" and all they do is go through the out-of-box-experience in Windows on a new PC is completely dishonest. If a customer buys a PC from me and they want help setting it up, I walk through it with them. One of the biggest problems with what big box stores do is they accept the EULA on behalf of the customer without having the customer sign off on it first. That's a big licensing no-no. If a customer buys a system from us, and we have to step through the initial setup to, say, copy their data from their old machine, we have them sign a printed copy of the EULA for Windows, and fill out a form for the settings so that they know which settings are set (such as initial username, computer name, auto-updates, etc). The customer is in complete control of the settings and we follow their choices. We make the same recommendations that Microsoft does (such as making a password, and turning auto-updates on) so that they don't miss anything.
Waethorn
on Mar 3, 2010
FYI: We don't charge for initial computer setup, nor do we charge for copying files from an old computer. Our prices are very competitive. Of 6 major computer stores in the area, Best Buy, Future Shop, and Staples were all the most expensive for a relatively simple procedure: a format/reinstall of Windows. The other 3 were independent computer shops. Including a user data backup of about 4GB with the format, Staples was the most expensive, at over $240. Future Shop and Best Buy were both around $150 just for the format. Future Shop won't do backups though. All of the independent computer stores (including us) were under $100 for the reformat. We charge $100 for a format with up to 4GB of user data backed up (we copy the data to USB sticks while reformatting, copy the data back after the reformat, and then give them the USB stick too). Larger backups cost extra. We do all updates within that cost, and we clean up unnecessary OEM software too. We require that the customer have a legitimate reinstallation method, such as an intact recovery partition, or reinstall discs. If they don't have a proper reinstall method, we can't do it. If it's a pirated copy of Windows, they have to purchase a proper license before we can reinstall Windows. If they don't want to, we don't work on it. Computer shops aren't allowed to do anything illegal, such as use pirated software (even when provided by the customer), or back up anything illegal, such as music from LimeWire. If the user has child porn or anything blatantly unethical and illegal on their PC, computer shops in Canada are required to report them to the police. If a computer had child porn and was serviced without reporting it, the computer shop can be charged. We maintain strict privacy policies, but illegal is illegal, and the law is the law. :P
rr0de74@live.com
on Mar 3, 2010
"If your friends use an AV worth its salt and keep their systems patched, yet still manage to get infected, the problem goes beyond the computer itself." Acquaintances really that I meet through kids sports, church etc and I don't charge them anything. I agree 99% of what I see these people get, they got from clicking OK to something. I have seen some of this stuff on the screen and I can see how someone would be fooled into thinking the OS is prompting them and not something bad. No update or av software is going to stop that. I take a look and sure enough they have something even with AV and Updates. Running MBAM or other stuff usually will detect it and most of the time clean it. However I have seen some stuff that when I try to download MBAM it redirects me. Or once I saw something that would not allow the MBAM to run, it blocked it. In that case MBAM has another executable file with a different name that you download. Then you boot into safe mode, copy the file to the same directory and launch it. This stuff is getting worse, it's social engineering, and it's targeting Windows because of its market share. AV and Updates is not stopping it. Facebook + 15-25 year old running Windows = JACKED UP PC. Macs are not bullet proof, but their low market share numbers are......so far.....ignored by this stuff. If they keep having record quarters someone is going to focus on them and will clean up early on because of the false sense of security.
rr0de74@live.com
on Mar 3, 2010
Here is a screen shot of this crap....looks like Security Center. Have not seen the fake blue screen they are talking about. http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010
ByteFlipper
on Mar 3, 2010
What I don't understand is why would good AV not catch this? The fake AV software ends up being an exe just like all the others, and AV scans those. Even if the user is tricked into installing it, your real AV should flag it. If I remember correctly, MSE supposedly updates (or checks for new) signatures 3 times a day (not sure if this is true or not, but even once a day seems acceptable). MSE also caught 98% of malware. What makes these fake AV malware somehow "different" that they can't be detected?
Logjamming
on Mar 3, 2010
It's generally not the unhealthy part of the meal, but the size of the meal.
DRWAM
on Mar 4, 2010
I have helped quite a few friends, as well as know about their experiences with computer repair companies. Although not cheap, they were worth it. They did not charge into the 100/hr range unless they made a house call, which seems appropriate because of traveling, IMO [this decreases ability to work more in their own shop, so they need to charge more]. Kids and dumb adults seem to be the problem. Downloading pirated music, apps and movies as well as the 'free' utilities and apps, which are malware. My two 8 yr olds and my 9 yr old girls tend to Google search for pics of animals and other stuff to print, and occasionally download a virus or trojan on fully updated systems, but my AV protection seems to catch it. If I read about something that my group should not do, I email them all a warning, as well as periodic reminders of AV needs and backup. Lately, a couple guys found registry cleaners and alerted everyone of how much faster their systems run, and recommended WISE. I was afraid that some of them would investigate more and DL malware instead. So, there are many sources of malware and it's difficult to shut them down. The big pirate sites seem to be the biggest source. It's too bad they can't be shut down for good.
tayme
on Mar 4, 2010
The fake AV is one that a lot of unknowing people are getting these days and is one that I have removed multiple times - mostly just like Waethorn described. In some cases, I have given the advice to people to switch to a Mac, not because they are invincible...just that they are not targeted at this time. I have had to say no to a few people that have been repeat offenders at getting this crap after I have cleaned them up and advised them on how to avoid it altogether. BTW - Good exchange here on this thread...kinda like it used to be on Paul's sites! Refreshing!!! --tayme
rr0de74@live.com
on Mar 4, 2010
http://webtoolsandtips.com/pc-security/shocking-a-live-example-of-how-we... A good example of what happens. Out of the 5 attempts by malware to install itself, this guy's fully updated/av box detected one of them. He of course knew what it was, but for the average user they would have clicked OK probably without reading anything.
Dipsh t Admin
on Mar 4, 2010
"Kids and dumb adults seem to be the problem." Yup. That's where all of the problems occur. It doesn't matter how secure you make certain machines. If they are giving the keys to the intruder, the best lock is worthless. "Macs are not bullet proof, but their low market share numbers are......so far.....ignored by this stuff." I've been saying that for years. Let's also remember that the additional attack vectors of Flash and Reader are so often exploited.
rr0de74@live.com
on Mar 4, 2010
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1363... Great read on what this stuff is. "Rogueware" is a new term to me. Here is why AV is not catching it... "Those hundreds of thousands -- approaching a million -- variants make life tough on legitimate AV vendors, using polymorphic techniques to change with each installation and challenging AV companies to spew out signatures. They are generally harder to detect than other malware, because they are not doing anything clearly. It's just that they are sending out bad information."
rr0de74@live.com
on Mar 4, 2010
Link from that last site... http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf That is an even better read and shows many examples of screen shots of this stuff. From that report this statement backs up exactly what I have seen in the last two years... "These applications have been in circulation for several years, but it wasn't until early 2008 that cybercriminals adopted fake antivirus on a massive scale."
