|
|
|
|
Windows Secrets Newsletter • Issue 147 • 2008-04-03 • Circulation: over 275,000 |
|
Contents TOP STORY: It's official: upgrade hack included in Vista SP1 KNOWN ISSUES: VirtualBox is an impressive VM contender WACKY WEB WEEK: Video shows top 10 ways to break your server WOODY'S WINDOWS: Use Vista's superior system font in XP PERIMETER SCAN: Powerful net monitoring: learn the whys and hows YOUR SUBSCRIPTION: How to change your address or unsubscribe |
|
For links to every topic in this issue, scroll down to the
Index |
|
ADS
|
|
TOP STORY It's official: upgrade hack included in Vista SP1
Previous Windows version not needed for upgrade Just after Vista was first released to consumers on Jan. 30, 2007, an article in the Windows Secrets Newsletter explained that the upgrade edition of the operating system could be installed on a "clean" hard drive. For whatever reason, Vista had been programmed to accept itself as a "qualifying product." This eliminated any need for users to purchase the full edition of Vista or to upgrade Vista only over an older instance of Windows. The Feb. 1, 2007, article by Windows Secrets editorial director Brian Livingston explained that the procedure is supported by several built-in dialog boxes. This indicates that the trick had been deliberately included by Vista's developers. To boost the sales of retail packages, Microsoft announced just over one month ago significant price cuts in Vista, beginning with Service Pack 1. The savings over the old prices vary among different Vista versions, such as Home Premium, Business, and Ultimate. In the U.S., the list price of the upgrade edition is at least $100 cheaper than the full edition. Smaller savings exist in other markets, such as Canada and the European Union, as shown in the table below. The price reductions on the Service Pack 1 version of Vista are even more significant because the upgrade trick still works in SP1, rendering unnecessary the purchase of Vista's full edition. Shortly after the hidden upgrade method was published, Microsoft officials publicly stated that the procedure would violate Vista's end-user license agreement. Section 13 of the Vista EULA (PDF version) says, "To use upgrade software, you must first be licensed for the software that is eligible for the upgrade." "We believe only a very small percentage of people will take the time to implement this workaround, and we encourage all customers to follow our official guidelines for upgrading to Windows Vista, which can be found at WindowsVista.com, instead," said a Microsoft press representative quoted in a News.com article on Feb. 14, 2007. "Following these guidelines will allow customers to easily and validly upgrade to Windows Vista," he continued. Since that time, of course, Microsoft has had over one year to remove the upgrade back door before releasing the SP1 version of Vista. Livingston believes that the company must have consciously decided not to do so. "The fact that the upgrade edition will still upgrade over itself in Vista SP1 proves that Microsoft executives knowingly support the upgrade trick," he says. "I think the feature was deliberately included to make it unnecessary for more advanced and price-sensitive users to ever buy the full version. There is no ethical dilemma with people using a feature that Microsoft has specifically programmed into Vista." Ironically, the original release of Vista's upgrade edition was disappointing to many consumers. They'd been told by Microsoft that the Vista upgrade process would no longer accept the insertion of a disc containing an older version of Windows as proof that Vista was upgrading over a qualifying product. Instead, users heard from Microsoft that the Vista upgrade procedure must be launched while a copy of Windows 2000 or XP was actually running. The upgrade trick that Vista developers included, however, renders that requirement moot. A Vista upgrade disc will install and activate properly even on a blank hard drive that has never previously been used. Installing software from an original distribution disc to an empty hard drive, which is called a "clean install," is a best practice recommended by security organizations, such as NIST and US-CERT. Vista, unlike XP and previous Windows versions, doesn't make a clean install easy. The original Windows Secrets article contains step-by-step instructions on upgrading Vista in this way. In a nutshell, the procedure involves booting a PC from the Vista upgrade DVD. Next, a clean install is performed without the user entering the disc's product key or downloading any patches. Once this unactivated, trial version of Vista is running, the setup program is launched again — this time from within Vista. At this point, the "upgrade" option is selected, the product key is entered, and Vista can be activated exactly like the full edition of the product. Upgrading Vista on a clean machine works in SP1 Once Microsoft released the SP1 version of Vista, I tested the upgrade trick again to see whether the company had removed the feature. I used an upgrade disc of Vista Ultimate SP1 that I'd ordered at retail from Amazon.com. I repeated the original steps and found they work just as well on the SP1 version of Vista as they did on the old version. For PC users who are thinking about installing Windows Vista, the upgrade technique has even more value than it did last year. There are two reasons: 1. Quality. Vista SP1 is arguably a better product than the old, gold version of the operating system. SP1 includes 551 bug fixes, according to a white paper available from a Microsoft.com download page. The company claims in a press release that SP1 addresses security, reliability, and performance concerns with the older version of Vista. 2. Price. Whether or not you believe Vista was overpriced before, it's clearly a less-expensive product now than it was a year ago. As reported by Computerworld, the price cuts range from zero to 47%, depending on the country and the version of Vista. Table 1, below, shows that the upgrade edition of Vista is always cheaper than the full edition of the same version (Home Premium, Business, and Ultimate.) The figures are based on documents provided to Windows Secrets by Microsoft's public relations firm, Waggener Edstrom. The following table shows Microsoft's new suggested list prices and the percentage reduction from Vista's original prices. Street prices for Vista SP1 currently average about 10% less than suggested retail. Table 1. New Vista SP1 list prices and percentage reductions from the originals.
Vista upgrading over itself is no accident After all the publicity, the fact that the upgrade back door is still present in Vista SP1 is a strong indication that the feature has at least the tacit support of Microsoft officials. Indeed, the upgrade label on Vista retail packages, then and now, states that a "clean install may be required." There's no question that users who own a license for Windows 2000 or XP can legitimately save time and money by buying the upgrade edition of Vista and not having to first install the older operating system on a PC. Although a clean install of Vista's upgrade edition — without any prior purchase of 2000 or XP — may violate the Vista license, the result is clearly an installed copy of Vista that is indistinguishable from a full edition. The upgrade edition's lower cost, Microsoft's overall price cuts for Vista, and the fact that Service Pack 1 need not be downloaded and installed separately make Vista SP1 a somewhat better value for users who didn't buy the OS earlier. Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page. Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here's How section of that magazine. |
|
ADS
|
|
KNOWN ISSUES VirtualBox is an impressive VM contender By Scott Dunn My Mar. 27 lead story described Microsoft's Virtual PC and VMWare's VMWare Player as virtual-machine software that PC users should consider — but there's a great alternative to both. A few readers recommended VirtualBox, and my tests show that this open-source upstart includes the best features of both of its competitors. Innotek provides a worthy virtual-machine option Reader Dominic Sim was one of our subscribers who thinks there's a superior way to run XP under Vista using a virtual machine:
Based on my trial, VirtualBox seems to me to offer the best features of both Microsoft's Virtual PC and VMware Player. Like VMware Player, VirtualBox supports access to USB devices (which Microsoft's software does not). VirtualBox is, however, much easier to install and set up than VMWare Player. As with Virtual PC, you need to install some support programs (Innotek calls them "Guest Additions") to get the full value that VirtualBox offers. Note: The normal install procedure, pulling down VirtualBox's Device menu and selecting the Install Guest Additions option, failed for me. I was, however, able to install the additions by accessing the VBoxGuestAdditions.iso file as a virtual CD drive. The installer puts the .iso file alongside the program in the same folder as VirtualBox. You don't need to download anything separately. VirtualBox has a few nifty features. One is the ability to change the resolution of the virtual machine, on the fly, as you resize its window. Although I haven't been able to spend enough time with VirtualBox to give you a complete review, my test drive with the product so far has been very promising. You need more than virtual security for a VM Fran Parker reminds us of a security issue in Virtual PC:
Avoid this serious problem by making users of the XP virtual machine log in to that VM as users without administrator rights. Reader Victor Sacco points out another practical necessity for VM systems.
Finally, on the topic of security, it should be mentioned that the "shared folders" feature of any virtual machine poses known security risks. Shared folders allow the VM and the host machine to share files and other data — a doorway through which more than just files can move. Users need to balance these risk against the potential usefulness of the technique when they consider running virtual-machine software. I'd like to credit the many readers who sent in suggestions to run Windows XP in a virtual machine within Vista. Their comments were in response to my Feb. 14 story on how to set up a dual-boot machine to run both Vista and XP. David Gustafson was the first reader to recommend the VM approach, which is the concept that became the subject of my Mar. 27 article on virtual machines. Gustafson received a gift certificate for sending the comment that resulted in the article. Run Virtual PC on XP Home and Vista Home Premium A handful of readers pointed out that Microsoft's Virtual PC download page makes no mention that the program will run under XP Home Edition or Vista Home Premium. Many readers assumed, therefore, that the program wouldn't run under either OS. I should have reminded readers of a previous article reporting that Virtual PC works just fine on XP Home and Vista Home Premium. That secret from readers appeared in an article on Aug. 2, 2007. Running Virtual PC on either OS, however, goes against the terms of Microsoft's license. To repeat a caution from the earlier article, if you run Virtual PC outside of the license terms, don't expect any support from Microsoft. Readers Sim, Parker, and Sacco will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page. |
|
ADS
|
|
EDITOR'S BOOKSHELF
|
|
WACKY WEB WEEK Video shows top 10 ways to break your server
|
|
INDEX The following topics appear in the free version
| ||||||||||||||||||||||||||||||||||||||||||||||||||
|
YOUR SUBSCRIPTION The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December. Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Editorial Assistant: Raef Harrison. Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page. WE GUARANTEE YOUR PRIVACY: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
|
