Trust, Checksums and Piracy

I’m neutral on the whole legitimacy versus piracy debate, but if you or your friends are using a pirated version of Windows 7 and think that you’re safe because of checksums, think again.

The necessary resources on how to pirate the new OS are around if you look hard enough, and many of these sites claim that we should care about the checksums of the downloaded .iso files. No question about it: ensuring that whatever you download is unmodified since the author released it is one of your top priorities.

I am thankful, however, that the community has reached a better level of understanding than in the XP/Vista era, when people were downloading monthly releases of fully-patched versions of Windows from a variety of groups which seemed to change every so often and were, in the end, tedious to keep track of.

Three Areas for Attack

There are three major areas to watch out for:

  1. Source for the image file
  2. Source & weaknesses of the checksums
  3. Activation

The problem of downloading that image file becomes a matter of trust in the source. How do you know that group XYZ, which normally releases the monthly patched OS, is really who they say they are? With social engineering, impersonation and identity theft prevalent in society, are you really going to trust your information to people you don’t even know, just to save a few bucks?

There are checksums for those who are smart enough to look for 3rd party “unmodified” downloads claiming to come from a legitimate source. It’s a shame that the sums Microsoft provides and which everyone relies on, particularly SHA-1, have been known to be vulnerable to collisions since 2005 (see the paper “Finding Collisions in the Full SHA-1” by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu). MD5 has also been broken. Worse, a matching sum says nothing about the source: if the party that gave you the image file also tampered with it, the file can still match whatever sums that party publishes alongside it.

Even if you get past all of that, the whole activation mischief begins and you are trusting yet another part of the process to someone else. There are many activators, cracks, BIOS mods, bypasses and patches out there; how do we know the author is not malicious?

So stop spreading the word that a file is legit just because you downloaded it from an author who claims authenticity and it has some sort of checksum which “magically” matches a trusted sum. All parts of the process must be trusted, or at least one trusted part of the process must confer trust on an inherently insecure part of the process.

Bottom Line

If you’re going to pirate, at least do it right (Be a man, do the right thing!):

  1. Download a copy from Microsoft (or their legitimate distribution partners: Amazon, Digital River). There’s no better way than straight from the source.
  2. Check the sum. Since we can verify that the source is legitimate, we can rely on the SHA-1, MD5 and CRC sums that Microsoft provides.
  3. Learn to modify your own BIOS, as opposed to downloading something modified by another party.
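The point made in the checksums section above, and in step 2 here, is that a matching sum only proves something when the sum was obtained independently of the file. The following Python script is an added example, not code from the original post: it streams a file through hashlib, compares the digest against a published value, and separates the question "does the hash match?" from "is the download trustworthy?". The sample images and the vendor/bundled sums are constructed inline; the helper names are mine.

```python
"""Verify a downloaded image against a published checksum, and show why the
checksum only helps when it comes from a source independent of the download."""
import hashlib
import hmac

# Algorithms with known collision attacks (MD5, SHA-1). A match still detects
# accidental corruption, but it should not be the only thing you rely on.
WEAK_ALGORITHMS = {"md5", "sha1"}

# Constructed sample "downloads" standing in for a multi-GB .iso file.
CLEAN_IMAGE = b"constructed sample image contents\n" * 8
TAMPERED_IMAGE = CLEAN_IMAGE + b"constructed extra bytes added by a third party\n"


def digest_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of an in-memory blob, hashed in chunks as a file would be."""
    h = hashlib.new(algorithm)
    chunk = 1 << 16
    for offset in range(0, len(data), chunk):
        h.update(data[offset:offset + chunk])
    return h.hexdigest()


def digest_file(path: str, algorithm: str = "sha256") -> str:
    """Hex digest of a file on disk, streamed so large images never sit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def checksum_matches(data: bytes, published_hex: str, algorithm: str = "sha256") -> bool:
    """Constant-time comparison of the computed digest with a published one."""
    return hmac.compare_digest(digest_bytes(data, algorithm), published_hex.strip().lower())


def assess_download(data: bytes, published_hex: str, algorithm: str,
                    sum_source_independent: bool) -> dict:
    """Return a verdict that separates 'hash matches' from 'download is trustworthy'.

    sum_source_independent is True when the published checksum came from a channel
    the distributor of the file does not control (e.g. the vendor's own site over
    HTTPS), and False when it was bundled with the download itself.
    """
    matches = checksum_matches(data, published_hex, algorithm)
    return {
        "matches": matches,
        "weak_algorithm": algorithm in WEAK_ALGORITHMS,
        # A matching sum from the same party that supplied the file proves only
        # that the file arrived as that party intended, not that it is authentic.
        "trustworthy": matches and sum_source_independent
                       and algorithm not in WEAK_ALGORITHMS,
    }


def trust_scenarios() -> dict:
    """The three cases from the post: an independent sum against a clean file,
    an independent sum against a tampered file, and a tampered file that ships
    with its own (matching) sum."""
    vendor_sum = digest_bytes(CLEAN_IMAGE)       # obtained from the vendor's site (constructed)
    bundled_sum = digest_bytes(TAMPERED_IMAGE)   # published by the party that modified the file
    return {
        "independent_clean": assess_download(CLEAN_IMAGE, vendor_sum, "sha256", True),
        "independent_tampered": assess_download(TAMPERED_IMAGE, vendor_sum, "sha256", True),
        "bundled_tampered": assess_download(TAMPERED_IMAGE, bundled_sum, "sha256", False),
    }


if __name__ == "__main__":
    for name, verdict in trust_scenarios().items():
        print(f"{name:22s} matches={verdict['matches']!s:5s} "
              f"trustworthy={verdict['trustworthy']}")
```

The third scenario is the one the post warns about: the hash matches perfectly, yet nothing has been verified, because the file and the sum came from the same hands. For a real image, call digest_file on the .iso and compare against the value you read from the vendor's page, not from the mirror.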

Or just buy it and save yourself the time and trouble!

Consider your sources, be skeptical always and protect your information and yourself from becoming a victim.
