
Comment by mindslight

3 months ago

Is there a worry that torrent packagers won't be able to work around these, or what's the actual concern here? I mean if you're using Windows for anything beyond a VM binary compatibility layer for some software you must use, aren't you kind of asking to be abused at this point?

If you are getting your OS from some third party torrent packager you are doing it wrong. There are far easier ways to get around this without trusting that some mysterious third party hasn't embedded some malware in their custom Windows deployment.

  • You're already putting your trust in some mysterious first party to not embed malware...

    • You're doing that pretty much regardless of what OS you use. Yes, I agree MS has issues, but legitimate malware has not yet been a line they have crossed.


  • With Microsoft allegedly trying to close down all those ways, it sure sounds like OS modification (or not using Windows) is the reasonable endgame here? I'm not sure how this comment, saying to not use modified OSes but use the "far easier ways", fits with the submitted article. Not everyone has the skills to modify the compiled code files that make Windows require a Microsoft account.

    If it's so easy, which are these ways, then? Do you think they'll remain available indefinitely?

    Not that I don't underwrite the risks involved in getting your OS from untrusted or unreputable sources.

    • The simplest remaining way that I am aware of is actually an autounattend file. This is a Microsoft supplied method that has been around for a long time and something that I truly believe will stick around untouched because it is pretty much a requirement of any enterprise Windows deployment.

      Not only does it allow you to create a local admin account, but you can also skip all the other setup screens that you want by pre-supplying values. Throw this file into your Windows boot media, do a fresh install (which you should be doing when you get a new machine regardless), and away you go. I use this both personally and in my work environment. Not only are you then not relying on modifying OS ISOs or compilations, but an XML file is relatively easy to verify that only the settings you have set are the ones being input into the system if you utilize a third party tool like the one available at schneegeas.de.
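An added example, not part of the comment above or of the thread: one way to check an answer file before it goes onto boot media, by listing every value it supplies, the local accounts it creates and the commands Windows Setup would run. The sample XML is constructed, and `audit`, `local` and `CMD_PARENTS` are names chosen for this example.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
CMD_PARENTS = {"SynchronousCommand", "RunSynchronousCommand", "RunAsynchronousCommand"}

# Constructed sample answer file (not taken from the thread).
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64">
      <OOBE><HideOnlineAccountScreens>true</HideOnlineAccountScreens></OOBE>
      <UserAccounts><LocalAccounts>
        <LocalAccount wcm:action="add">
          <Name>labadmin</Name><Group>Administrators</Group>
        </LocalAccount>
      </LocalAccounts></UserAccounts>
      <FirstLogonCommands>
        <SynchronousCommand wcm:action="add">
          <Order>1</Order><CommandLine>cmd /c echo constructed-example</CommandLine>
        </SynchronousCommand>
      </FirstLogonCommands>
    </component>
  </settings>
</unattend>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]   # drop ElementTree's '{namespace}' prefix

def audit(xml_text):
    """Return every value, local account and command the answer file supplies."""
    values, accounts, commands = [], [], []
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            where = f"{settings.get('pass')}/{comp.get('name')}"
            for el in comp.iter():
                text = (el.text or "").strip()
                if len(el) == 0 and text:          # leaf element = one setting
                    values.append((where, local(el.tag), text))
                if local(el.tag) == "LocalAccount":
                    accounts.append((el.findtext("u:Name", "", NS),
                                     el.findtext("u:Group", "", NS)))
                if local(el.tag) in CMD_PARENTS:   # setup will execute these
                    commands.append(el.findtext("u:CommandLine", None, NS)
                                    or el.findtext("u:Path", "", NS))
    return values, accounts, commands

if __name__ == "__main__":
    for part in audit(SAMPLE):
        print(part)
```

Anything in the `commands` list, or an account in `Administrators` that you did not add yourself, is the part of a downloaded or generated answer file worth reading line by line.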

  • I know there are more direct sources. But for the amount of mental energy I want to invest into Windows, discovery through torrents is far easier. My workflow consists of creating a VM, installing / updating everything, taking a snapshot, then removing network access before it gets access to Samba shares with any private information.

    I suppose I might still be worried about targeted offline-acting malware if I were using Windows to control some enrichment centrifuges or something. But apart from that, I'm fine with whatever inhabitants it may have frolicking in their isolated jungle.

I don't get why you'd want to get your OS images over torrents. You can download Windows for free from Microsoft's website. You don't even need to buy a key if you know how to set up a KMS server on a pihole or something.

There are trusted tools out there, like Rufus, that will enable workarounds for you if you tell them to create bootable media. Tools with developers you can look up, rather than anonymous pirates.

  • My only point of installing Windows is to run some other proprietary software, right? So even if I trust Microsoft (which seems like a poor idea given their arc), then I still have to trust all the dodgy software I'm needing to use. So the only real solution is to cut the whole system off from any Internet access before it touches personal data, regardless of how it's installed.

    As far as installation process:

    If I go to the site of any libre project that doesn't install through nix/apt/etc, it will have a focused list of directions that I need to do to install it.

    If I go to Microsoft's site and search for how to install Windows, I will be greeted with a deluge of articles I need to read and understand all of the various different methods and scenarios (after avoiding the links to BUY BUY BUY. I already have plenty of Windows licenses that were anticompetitively bundled with every old laptop I have sitting around, thank you). And then since I want to avoid their consumer install methods that insist on holding victims' wrists, I will likely need to go an eNtErPrIsE route - meaning even more reading between the lines of overwrought bullshit.

    Whereas if I download a torrent of Windows, it will come with a focused list of directions that I need to do to install it.

    BTW doesn't Rufus only run on Windows? That's kind of pointless for me. My workflow is virt-install --cdrom /path/to.iso

    Perhaps I will look into setting up a "KMS server" next time I need to reinstall, but I would guess it's a bunch of admin tinkering for not much gain. The kind of admin work that will have fallen apart in the few years before I need it again.

    ... doing a quick look it seems like "KMS server" only runs on Windows itself? And there is a libre reimplementation for Linux, but it doesn't seem to be in nixpkgs, and requires setting up a heavyweight "Domain" with Samba? A few lines in smb.conf or nixos config and I'd be game, but no, it looks just as bad as I thought it would be. Please correct me if I'm missing some way that is actually straightforward and simple, but this doesn't seem to be the case!

    So yeah in short, that's why.