Is Mandatory Windows Validation a Security Risk?
Microsoft's plans to clamp down on the way illegal copies of its flagship Windows operating system receive updates—including security patches—could have a major impact on the SOHO (small office, home office) market and increase the risk of malicious hacker attacks, experts warned Wednesday.
The warning follows an announcement out of Redmond, Wash., that the "Windows Genuine Advantage" anti-piracy initiative, hitherto voluntary, will be mandatory by midyear.
The program calls for Windows users to validate product keys, PC manufacturers and OS versions to allow Microsoft to crack down on cracked versions of the operating system.
"This shouldn't surprise anyone. We all know this was coming once Microsoft went to an activation model for Windows XP," said Rick Fleming, chief technical officer at Texas-based security outfit Digital Defense Inc. "From a pure business standpoint, I understand it. Software vendors are losing the war against piracy, and they have to make some tough decisions."
However, Fleming said any move to limit the application of critical security fixes will "create bigger headaches" for everyone
"The security implications concern me," he said. "Even now, with patches available to everyone, we know there are folks who ignore software security. There are others who will simply refuse to validate, and their unpatched machines will be a bigger threat."
For its part, Microsoft said it will continue to push out critical security updates to customers through Windows Automatic Updates, with or without product key validation.Full Read At eWeek
Edited by TeMerc, 27 January 2005 - 01:50 AM.