While Redmond turning a blind eye to piracy is often cited on the net as a corporate strategy of the past and even the present in developing markets. It is rare to see such heavy academic weight behind such an analysis, not to mention in the mainstream press, where writers have researchers and fact checkers to turn up such unguarded moments like Bill addressing an audience at the University of Washington.

“Although about 3 million computers get sold every year in China, people don't pay for the software. Someday they will, though, and as long as they're going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade."

Can you say dissemble?

Source: Los Angeles Times (http://www.latimes.com/business/la-fi-micropiracy9apr09,0,414067.story)

Maybe M$ already have a secret way of tracking everyone who is using pirated versions and plans to use it against them in a few years time...!

I wouldn't call Windows Media Player exactly secret :p

Maybe M$ already have a secret way of tracking everyone who is using pirated versions and plans to use it against them in a few years time...!
Well inside windows there are multiple user accounts made for something like "Microsoft support" and some other more vague terms, and by default windows comes with "allow remote assitantance invitations to be sent from this computer" enabled. So whenever they want to they could probably have every internet connected copy of windows call home.

I just looked up these accounts-
SUPPORT_388945a0
HelpAssistant
ASPNET

I have no idea what any of these accounts do. The scarier part is that they have these options enabled by default-
*user cannot change password
*password never expires

Although the top 2 are disabled.

part of a Group Policy Security Template
I don't use XP myself is that Home? or Pro?

you don't see that in W2K Pro which is shipped without alot of default settings
its wide open infact and needs to be seriously locked down by defualt

those settings could come from either the defualt install or a service pack or even a hotfix update, and your box will "call home" when you go get updates (either automatic or manual) and report all sorts of information that supposedly isn't personally identifiable to you (versions installed software hardware)

however Microsoft recently assited in authoring a state bill which if it where to pass as written could allow them to "search" you computer for illegal content :rolleyes:
at least in its broadest interpretation

personal security checklist:

install Service Pack and hotfixes

(generally I download & burn service packs from the enterprise download and any odd hotfixes with a secured computer, but if you can't: How to Download Service Packs w\ Knoppix (http://www.enterprisenetworkingplanet.com/netsecur/article.php/3450731))
close the vulnerable NetBIOS ports and cleanup bindings
Cofigure IPSec
Retrict access to LSA info

disable unecessary services

disable Guest account
setup my user account (delete or limit every other account other than the administrative account)
rename Administrator account
create fake Administrator account (disabled)
enable network lockout of the true Administrator account
Limit the number of logon accounts

remove the "Everyone" group and replace with "Authenticated Users" shares
disable default hidden shares, administrative shares, IPC$

disable HTML in e-mail
disable ActiveX
disabling or limiting WHS\VB\Java\Java Scripts (install, Script Defender, noscript.exe)
rename shscrap.dll to shscrapold;
Unhide File extensions, protected files, all files and folders

Enable Encrypted File System
Encrypt the Temp Directory
setup to clear the paging file at shutdown
lockdown the registry

disable dumpfile creation
remove insecure subsystems (OS/2 and POSIX)

protect or remove: arp.exe \ at.exe \ cacls.exe \ cmd.exe \ Command.com \ cscript.exe \ debug.exe \ edit.com \ edlin.exe \ finger.exe \ ftp.exe \ pconfig.exe \ Issync.exe \ nbtstat.exe \ net.exe \ Net1.exe \ netstat.exe \ netsh.exe \ nslookup.exe \ ping.exe \ posix.exe \ qbasic.exe \ rcp.exe \ regedit.exe \ regedt32.exe \ regini.exe \ rexec.exe \ rsh.exe \ route.exe \ Runas.exe \ runonce.exe \ telnet.exe \ tftp.exe \ tracert.exe \ Tlntsvr.exe \ wscript.exe \ xcopy.exe
remove the .reg file association from the registry editor
these all make it much harder for someone that has already compromised your computer
if there is a brain behind the attack (a hack or trojan) then they would need to reenable these if they can, which might tip their hand, the same goes for an automated attack like a worm, if it could manage it at all, and many more minor peices of malware\spyware, rely on some of these for infection or more accurately reinfection like runonce.exe, regedit, ect or as the vector for infection in more serious malware like ftp or telnet

Install and schedual trojan scanner, anti virus and intrusion detection
Install and configure ProcessGuard <<<<<<!!!!!

Install Firefox with the noscript extention,

secure Internet Explorer

1. copy this text into a notepad and save it as noaccess.rat
and save it in WINNT\system32 (W2K) WINDOWS\system32 (XP)


((PICS-version 1.0)
(rating-system "http://www.microsoft.com")
(rating-service "http://www.microsoft.com")
(name "Noaccess")
(description "This file will block all sites.")

(category
(transmit-as "m")
(name "Yes")
(label
(name "Level 0: No Setting")
(description "No Setting")
(value 0) )
(label
(name "Level 1: No Setting")
(description "No Setting")
(value 1) ) ))


2. Open IE > Tools > Internet Options > Content > Enable > General tab > Rating Systems > delete all > add > noaccess.rat > OK > Approved Sites Tab > add

http://technet.microsoft.com/
http://update.microsoft.com
http://support.microsoft.com/
http://www.microsoft.com/windows2000
http://www.microsoft.com/windowsxp/

clicking "always" after each > General Tab > User Options > Check Supervisor can type password to allow users to view restricted content > uncheck Users can see sites that have no rating > set password


and Lockout access to it with NTFS Permissions to all accounts other than the Administrative Account

configure security policy control
enable auditing (logon, object, privilege, account management, policy, system)
set permissions on the security event log
set account lockout policy
assign user rights
set security options
configure firewall
baseline Rootreveler

>>>>>>>>> connect to the internet


Test
Run Baseline Security Analyzer (freeware)
Run NessusWX (freeware)
Do multiple remote Port Scans

Software Install
install other software and baseline HijackThis & RootRevealer after each
Disable Restore Points (if XP) and Ghost the install

Its extremely rare any one box would get all of those
but I consider all of them

I just looked up these accounts-
SUPPORT_388945a0
HelpAssistant
ASPNET

Although the top 2 are disabled.

I know that ASPNET is linked to the M$ .net service, I always delete that account because I don't see the point in it... not that I have to worry about windows too much because my copy really is genuine.