The well-known Finnish antivirus company F-Secure has published a report explaining why the most serious consequences from WannaCry's actions were caused to users from Russia and China. It turned out that a pirated version of Windows was installed on most of the infected computers.
Microsoft has patched the MS17-010 vulnerability exploited by WannaCry back in March 2017. Thus, all legal Windows 7, Windows 8.1 and Windows 10 systems were protected prior to the start of the WannaCrypt campaign.
As the ransomware infected a large number of older computers, Microsoft decided to deviate from its rules and released the critical security patch KB4012598 for unsupported Windows systems XP and Windows Server 2003. The company urged users of older machines to install the update as soon as possible to protect themselves from WannaCry.
Updates are released for licensed Windows
However, there is one major problem: users of pirated versions cannot install updates, regardless of whether they are using an old, unsupported system or a new serviced OS. Although there are ways to install latest updates on illegal copies of Windows, Microsoft constantly imposes new restrictions, therefore, depending on the version of the system, the task of installing updates on a pirated version can be very difficult.
According to F-Secure, a huge number of infections were recorded in Russia and China due to the fact that pirated versions of Windows systems are very common in these markets.
F-Secure reports that the size of the infection indicates the number of computers that have not received the security update. This can be due to 3 reasons:
- the patch available in March was not installed for some reason.
- a pirated copy of Windows was used (which does not receive security updates).
- Windows XP was installed on the computer, which is no longer supported and is not receiving updates.
Currently, there are several ways to protect against WannaCry and similar types of malware, but the most convenient, especially if you are using genuine Windows, is to install the latest updates released by Microsoft. For users pirated versions Windows, infection of WannaCry ransomware is one of the risks they pay for using illegal software.
By the nature of their activity (our masters are also engaged), one often hears the question: “What is the difference between a licensed Windows OS and a pirated one (Windows without a separately purchased license)?
- What are the real differences between having a license and not having one?
- Why Windows installation with a license is more expensive for the user than the version with a trial period (free evaluation copy)?
- What are so-called assemblies operating system Windows distributed over the Internet, how is it different from the original image?
The questions are not obvious enough, and in this article we will try to address them.
First, let's look at the concept of a license for the Windows operating system.
So when buying a license for money installation disk, together with the storage medium itself, a key is provided Windows activation.
In addition, you are provided with a sticker for system unit or a laptop to confirm the purchased product.
If you do not have a floppy drive or for some other reason you do not want to use the installation via disk, you can download an image of the operating system from the Microsoft website and install via a USB flash drive (if you have an oem version that is preinstalled on a PC or laptop by the manufacturer, then you will not be able to download the system image). Even if you purchased your license online, you should receive a key package and sticker.
At the time of this writing, the price of Windows 10 is on average 300 BYN (approximately 150 y.e.).
I would like to make a small clarification. By purchasing an operating system, you buy only WINDOWS ITSELF.
There are no drivers in it (they will need to be downloaded from the manufacturer's website), office suite(you must purchase it separately from Microsoft), or use free analogue OpenOffice, LibreOffice.
Office prices start from 250 BYN (approximately 130 y.e.).
It seems clear with a license, the main thing is not to give your key to anyone, because otherwise it will be tracked down and blocked!
In general, for Windows 7 there is a command to reset the trial period (you can use it three times), which will total 120 days. Those. throughout this period you will be able to use official system with all updates.
The command to reset the trial slmgr -rearm enter without any quotes in command line(must be run with administrator rights).
Now let's talk about other methods of activating Windows
If you download images from the official Microsoft website (yes, this is possible without even having a product key), then they are no different from the officially purchased operating system - this is a fact.
The only difference is that you do not have an activation key, so you can only use Windows for a trial period (from 90 to 120 days). This should be followed by either a purchase of a license, or a new clean installation of the OS with the formatting of the system partition (drive C: \).
It is not very convenient, but on the other hand, you always have the original version installed on your computer without using various tricks. It turns out that it is completely legal to use the official version Windows without buying a license can be 3-4 months.
Windows activation, depending on the OS version, can be done either with a key (it was very popular in Windows XP) or with the help of third-party software.
Even when activated with a key, after installing updates, a message may appear again that you are using a non-original Windows version since in some updates there is a license check.
Another way is using KMS (Key Management Server). The KMS server is activated using a special VLC key (KMS host key) and “distributes” licenses to client machines.
This activation method is used in corporate networks where there are many machines and activation with each hand will take a long time. This is a completely legal way to activate Windows for business (not to be confused with pirated KMS activators that walk on the Internet).
Craftsmen were able to adapt it for home use. In the case of this method, you will have to reactivate every 180 days. This can be done manually or automatic mode using Windows Task Scheduler. As a rule, for activators, the task for reactivation is prescribed automatically.
We figured out the licenses. In the cases described above, the system differs only in the activation method. Do not forget about system updates - they can be turned off, but in this case, there is a high probability of a computer infection with a virus (for example, the recent WannaCry virus works only on an operating system where the ms17-010 patch is not installed).
What are operating system assemblies and what could be their danger?
If 3-4 months are not enough, but you don’t want to buy a license (no money, no desire, “we are so used to it”).
Windows assemblies downloaded from the Internet are a rework of the original Windows image"For themselves", or "for the user" with subsequent return packing for installation (RePack).
The advantages of such assemblies: almost all current updates are installed on the operating system, a C ++ package is embedded, which is needed for the correct use of a number of programs (including Skype), a package of dll libraries, frameworks, etc., also usually in one image there is an installation of several system editions ( from Windows xp to 10).
Cons: the first and most important minus - end user does not know what else has been added to the assembly of the system.
For example, there may be a program for sending your personal data to the attacker's computer, and this is not only your passwords from mail and "contact" and "classmates".
Since nowadays quite a lot of things are paid for with a bank card, you will transfer its data to the attacker.
In addition, there is an intervention in the system files of the operating system, which sometimes leads to incorrect work and crashes in the system, although almost all changes are made by means of Windows.
So let's summarize. Since our team is primarily focused on the interests of ordinary users, and not a specific company, we suggest that you familiarize yourself with our objective assessment.
Objective advantages of licensed Windows:
- There will be no problems with the update;
- The ability to upgrade to new version Windows (for versions Windows 7 and older);
- 24/7 support from Microsoft;
- Clean system without intervention
Cons of the license:
- The most important is the very high price of the license (not everyone is ready to spend so much money to buy only Windows and office);
- Even using the original version, there may be problems with the operation of the system (incorrect installed drivers and software)
Pros and cons of extending Windows trial period
Pros:
- The same as the license
Minuses:
- The same as for the license;
- Relatively short period of use
Pros and cons of so-called Windows assemblies
Pros:
- + Update at the time of release of most of the OS components
Minuses:
- The same as for the license;
- Unstable work is possible;
- The likelihood of installing malware in the assembly
Microsoft has published the results of a study of the security of counterfeit Windows distributions, conducted in early 2011 by Group-IB. The experts analyzed unlicensed copies of Microsoft's operating system - Windows XP, Windows Vista and Windows 7.
About 25% of disks with counterfeit copies of the Windows operating system contain malware, experts from Group-IB have found. According to them, 12.5% of carriers also contain malicious codes designed to steal personal data of users.
Scanning of the distribution kit, and subsequently, of the version of the software product installed from it, was carried out by anti-virus tools from several manufacturers. This method has improved the likelihood of detecting malware. Each software product was analyzed by experts, both for the presence of malicious code and for overall performance. The study involved unlicensed copies of the operating system available to Russian users through the main distribution channels: at unauthorized points of sale on physical media (DVD, CD) and on the Internet (torrents and file sharing).
According to research, 94% of all pirated distributions contain activation bypass mechanisms software products Windows, potentially affecting system stability. In addition, in 7% of all investigated copies of operating systems, software was found directly designed to steal passwords and other personal data.
In 96% of Windows operating systems available for download from torrents and file hosting services, the original code has been changed - activation bypass has been implemented software that indicates the presence of unwanted or malicious software. Viruses and Trojans are present in 6% of installation files. Most of the detected viruses and Trojans can be used to steal personal data. Interestingly, 29% are unlicensed copies of Windows, available for download on file hosting services, turned out to be completely inoperable.
If you purchase a counterfeit copy of Windows at unauthorized points of sale, the risk of becoming a victim of malicious software and, in fact, voluntarily providing personal information to third parties increases several times. Every fourth (25%) of the disks checked by experts contained malware, and 12.5% of the disks included programs to steal passwords and personal data of the user. It is noteworthy that the CDs purchased in three Moscow markets, in some cases, turned out to be beta versions of Windows.
"V recent times Russian users are increasingly using their computers for a wide range of everyday tasks, often entrusting them with the most intimate information, including, for example, access to their bank accounts. This is a great temptation for all sorts of scammers and criminals who use malware to gain access to this data, ”says Denis Guz, head of Microsoft's licensed software promotion department in Russia. - One of the common methods of carrying out these criminal intentions, as the study shows, is unlicensed software with its extensive network of implementation and millions of potential victims. Microsoft informs users about the risks they bear by installing programs from questionable sources on their computers. This is especially true for the operating system, which appears on the computer even before any third-party protection tools are installed, which, even after installing them, do not always manage to recognize problems in the originally modified system. "
Based on the research materials, Group-IB experts classified the types and methods of placing potential threats arising from the use of pirated distributions:
malicious software built into the distribution;
Malware embedded in activation tools
the presence of code that is not identified as malicious, antivirus software, but potentially carrying out unauthorized actions in the system.
Researchers pay special attention to the following circumstance: the absence of obvious threats during a preliminary scan of a distribution kit with an antivirus does not guarantee that after installation it will not contain previously undetected malware. At the same time, checking the installed OS with antivirus tools will not always be able to detect the presence of malicious or unwanted software. Consequently, counterfeit software always contains high level threats to the user.
“Regular independent review of software for compliance with licensing requirements allows timely identification of existing threats information security users, - Ilya Sachkov notes, general manager Group-IB. - Piracy causes financial damage not only to copyright holders, but also to users. In 60% of incidents investigated by our experts, it was unlicensed software that was one of the main reasons for system compromise and theft. Money". The most optimal way out for those who do not want to buy Windows license this is
This is the next stage in development Windows programs Genuine Advantage, which Microsoft quietly launched last September. It consists in the fact that with the help of special software, the legitimacy of this particular copy of Windows is checked. This program will form the basis of Microsoft's campaign to increase the number of paying customers to the millions of people using Windows.
Windows Genuine started out as a voluntary program, but then Microsoft began to require legalization from more and more categories of customers who wanted to download the company's software. For example, in March, Microsoft said that those wishing to download the Windows Foreign Language Pack must prove the authenticity of their copy of Windows.
Beginning Wednesday, US customers whose copies of Windows XP Professional have not been authenticated will be able to receive a free licensed copy. To do this, they will have to fill out a tampering statement and provide Microsoft with their Windows disc and a receipt confirming their purchase.
“Our goal is to ensure that replacement is made to people who really didn't know they were being counterfeited,” said David Lazar, director of the Genuine Windows program.
Those without a disc or receipt can purchase a licensed copy online for $ 149. This is cheaper than buying a full copy of Windows XP Pro, but more expensive than the copy of Windows that buyers of a new PC pay for.
“At first glance, it seems suicidal to reward pirates with free licensed copies,” comments Ross Rubin, an analyst at The NPD Group. However, Microsoft is getting the opportunity to demonstrate to customers the benefits of official use of the software and the potential benefits they will receive as legitimate customers when future versions are released. In addition, it can help them identify those who are leading the pirate networks. “In the fight against drug trafficking, the police bypass lower-level dealers to get to the drug lords; so they probably want to get to the pirated Windows distributors, ”says Rubin.
Test program
For the time being, the Windows authentication process remains voluntary for most customers, although Microsoft plans to make such a scan mandatory this summer for anyone who wants to download software from the company's website.
For those customers whose copy does not pass verification, most downloads related to Windows will not be available, but they will still be able to receive security updates - either by enabling Automatic Update or by manually selecting a specific patch. Utility Windows Update, which determines all the necessary updates and offers to download them, will work only for those whose copy of Windows turned out to be licensed.
However, before the program gets this far, Lazar said, Microsoft wants to try out the upgrade process at work. Hence today's proposal, which will be valid until July 30th. What Microsoft will offer next is unknown. “We knew that in order to fully implement the program, we would have to make such an offer,” Lazar said. "It allows us to check."
Specifically, Microsoft will validate a scan tool that confirms that a customer seeking a legitimate copy of Windows already has everything. required files Windows. This tool verifies the presence and integrity of all genuine system Windows files XP, although Microsoft also ships a CD to customers and recommends to those who have suspicions about possible problems with their copy of Windows, reinstall the operating system.
Customer registration
Analysts were concerned that Microsoft could force customers to completely reinstall Windows when upgrading to a licensed version of the operating system.
For now, customers seem to be willing to let Microsoft check their copies of Windows. In the eight months since the start of the program, most of the users surveyed did not mind this. Globally, 48 million customers visited the program page and 27 million, or 56%, indicated that they were willing to be reviewed.
Lazar did not name the exact number of bogus copies Microsoft identified, but said that "the vast majority" of machines have licensed copies of Windows. The global software piracy rate is estimated at about 36%, and Microsoft's results, according to Lazar, are roughly the same as what it was hoping for.
The company tried out a paid upgrade program in China, one of three countries where Windows check authenticity has already become mandatory. Lazar said that "several thousand" customers have accepted the offer to purchase a discounted version of Windows - XP Pro is offered for about $ 150. The vast majority of systems in China have counterfeit copies of Windows.
Michael Cherry, an analyst for Directions on Microsoft, praises Microsoft for being frank about the program's purpose and for having tools to authenticate copies of Windows. At the same time, he expressed a desire for Microsoft to better inform customers by helping them identify fake Windows copies in advance. “This is all very good, but these measures are being taken 'after the fact,'” he says. Consumers are poorly aware of the features Microsoft uses to label its own software, such as Certificate of Authenticity labels and holographic discs. “I doubt my dad knows what a Certificate of Authenticity is,” Cherry said.
