RSS Alerts

Related Links

Related Stories

  • Learn about securing high-privilege system access management
    British security and risk management specialist, Brookcourt Solutions, looks at how to secure high-privilege system access management in the white paper Turning the Spotlight on IT’s Dirty Little Secret: Securing the Common Point of Failure in IT Risk Controls.
  • Panda Security offers beta of Global Protection 2010
    Panda Security has uploaded the first beta test of its next-generation IT security suite, Global Protection 2010, to its website.
  • Infosecurity webinar predictions become reality
    Predictions made by Professor Peter Sommer, a leading IT forensics specialist, in a Check Point-sponsored Infosecurity webinar earlier this week, have become reality with the release of a report at a conference in Prague.
  • Six out of ten employees steal company data
    A study of US workers has revealed that six out of every ten employees surveyed stole company data upon leaving their job in the last year.
  • Batten down the hatches
    Due to the horrifying quantity of vulnerabilities, and often limited time and budget, application and database security can be quite a headache. Limiting privileges and access, however, is a good place to start, finds Danny Bradbury

News

Windows 7 - cracked copies now coming to a pirate vendor near you

19 November 2009

The first cracked copies of Windows 7 are now on retail sale in Asia, as well as via download websites also apparently located in the region.

The sales of the cracked copies of Winows 7 mirror the development of cracked copies of Vista shortly after the previous Microsoft flagship operating system was released in January 2007.

Inquirer.net reports that cracked and pirated retail copies of Windows 7 are now going on open sale in the Asia-Pacific region and, according to anecdotal evidence, Infosecurity understands that some UK "outlets" are claiming they will have cracked copies of Windows 7 in stock later this month.

According to Fortify Software, the application vulnerability specialist, the release of cracked copies of Windows 7 come as no surprise.

"The RemoveWAT utility - also known as ChewWGA - exploits at least one of several probable security flaws on Windows 7 to allow a user to bypass the Windows Genuine Advantage registration procedure", said Richard Kirk, Fortify Software's European director.

"This type of crack appeared shortly after Windows Vista went on sale and was solved when Microsoft issued an update. Similar utilities for Windows XP also started appearing in the summer of 2005, shortly after the Windows Genuine Advantage system was made mandatory in July of that year", he added.

According to Kirk, the reason these security flaws exist - which Microsoft promptly patches after they appear in the wild - is the millions of lines of programme code that go into a modern operating system, which makes it extremely difficult to ensure security - as seen with Windows 7.

And, he said, whilst the code security flaws and potential loopholes are a headache for software vendors, they are an even worse problem for operating system developers, simply because of the scale of the coding structures involved.

"The only real solution to the problem is for software vendors to exhaustively test and retest the security of the code from the earliest stages in the software's development stages. Specialised tools can help automate this process, enabling efficient scanning and accurate detection."

Code security auditing and testing, he explained, is a highly specialised industry that can help organisations avoid revenue and data losses when software is cracked, as has clearly happened with Windows 7.

"Microsoft will now almost certainly retroactively re-engineer Windows 7 to prevent any registration loopholes from being exploited", he said.

"More than anything, this highlights the fact that the sheer size of programmes these days means that code loopholes will slip through the net unless you are scrutinising them regularly from the moment they are written whether designed in-house or commercially", he added.

 

This article is featured in:
Application Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water